← Back to CVEs
CVE-2024-40766
CRITICALCISA KEV9.8
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published8/23/2024
Last Modified10/31/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorSonicWall
ProductSonicOS
Vulnerability NameSonicWall SonicOS Improper Access Control Vulnerability
KEV Date Added2024-09-09
Remediation Due Date2024-09-30
Ransomware UseKnown
Affected Products
sonicwall:nsa_2650sonicwall:nsa_2700sonicwall:nsa_3600sonicwall:nsa_3650sonicwall:nsa_3700sonicwall:nsa_4600sonicwall:nsa_4650sonicwall:nsa_4700sonicwall:nsa_5600sonicwall:nsa_5650sonicwall:nsa_5700sonicwall:nsa_6600sonicwall:nsa_6650sonicwall:nsa_6700sonicwall:nssp_10700sonicwall:nssp_11700sonicwall:nssp_12400sonicwall:nssp_12800sonicwall:nssp_13700sonicwall:sm9800sonicwall:sm_9200sonicwall:sm_9250sonicwall:sm_9400sonicwall:sm_9450sonicwall:sm_9600sonicwall:sm_9650sonicwall:sohosonicwall:soho_250sonicwall:soho_250wsonicwall:sohowsonicwall:sonicossonicwall:tz270sonicwall:tz270wsonicwall:tz370sonicwall:tz370wsonicwall:tz470sonicwall:tz470wsonicwall:tz570sonicwall:tz570psonicwall:tz570wsonicwall:tz670sonicwall:tz_300sonicwall:tz_300psonicwall:tz_300wsonicwall:tz_350sonicwall:tz_350wsonicwall:tz_400sonicwall:tz_400wsonicwall:tz_500sonicwall:tz_500wsonicwall:tz_600sonicwall:tz_600p
Weaknesses (CWE)
CWE-284
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015(PSIRT@sonicwall.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.