← Retour aux CVEs
CVE-2024-40766
CRITICALCISA KEV9.8
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie8/23/2024
Derniere modification10/31/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurSonicWall
ProduitSonicOS
Nom vulnerabiliteSonicWall SonicOS Improper Access Control Vulnerability
Date ajout KEV2024-09-09
Date limite remediation2024-09-30
Utilise dans ransomwareKnown
Produits affectes
sonicwall:nsa_2650sonicwall:nsa_2700sonicwall:nsa_3600sonicwall:nsa_3650sonicwall:nsa_3700sonicwall:nsa_4600sonicwall:nsa_4650sonicwall:nsa_4700sonicwall:nsa_5600sonicwall:nsa_5650sonicwall:nsa_5700sonicwall:nsa_6600sonicwall:nsa_6650sonicwall:nsa_6700sonicwall:nssp_10700sonicwall:nssp_11700sonicwall:nssp_12400sonicwall:nssp_12800sonicwall:nssp_13700sonicwall:sm9800sonicwall:sm_9200sonicwall:sm_9250sonicwall:sm_9400sonicwall:sm_9450sonicwall:sm_9600sonicwall:sm_9650sonicwall:sohosonicwall:soho_250sonicwall:soho_250wsonicwall:sohowsonicwall:sonicossonicwall:tz270sonicwall:tz270wsonicwall:tz370sonicwall:tz370wsonicwall:tz470sonicwall:tz470wsonicwall:tz570sonicwall:tz570psonicwall:tz570wsonicwall:tz670sonicwall:tz_300sonicwall:tz_300psonicwall:tz_300wsonicwall:tz_350sonicwall:tz_350wsonicwall:tz_400sonicwall:tz_400wsonicwall:tz_500sonicwall:tz_500wsonicwall:tz_600sonicwall:tz_600p
Faiblesses (CWE)
CWE-284
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015(PSIRT@sonicwall.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.