CVE-2024-40766
CRITICAL | CISA KEV | 9.8
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/23/2024
Last modified: 10/31/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: SonicWall
Product: SonicOS
Vulnerability name: SonicWall SonicOS Improper Access Control Vulnerability
Date added to KEV: 2024-09-09
Remediation deadline: 2024-09-30
Ransomware use: Known
Affected products
sonicwall:nsa_2650, sonicwall:nsa_2700, sonicwall:nsa_3600, sonicwall:nsa_3650, sonicwall:nsa_3700, sonicwall:nsa_4600, sonicwall:nsa_4650, sonicwall:nsa_4700, sonicwall:nsa_5600, sonicwall:nsa_5650, sonicwall:nsa_5700, sonicwall:nsa_6600, sonicwall:nsa_6650, sonicwall:nsa_6700, sonicwall:nssp_10700, sonicwall:nssp_11700, sonicwall:nssp_12400, sonicwall:nssp_12800, sonicwall:nssp_13700, sonicwall:sm9800, sonicwall:sm_9200, sonicwall:sm_9250, sonicwall:sm_9400, sonicwall:sm_9450, sonicwall:sm_9600, sonicwall:sm_9650, sonicwall:soho, sonicwall:soho_250, sonicwall:soho_250w, sonicwall:sohow, sonicwall:sonicos, sonicwall:tz270, sonicwall:tz270w, sonicwall:tz370, sonicwall:tz370w, sonicwall:tz470, sonicwall:tz470w, sonicwall:tz570, sonicwall:tz570p, sonicwall:tz570w, sonicwall:tz670, sonicwall:tz_300, sonicwall:tz_300p, sonicwall:tz_300w, sonicwall:tz_350, sonicwall:tz_350w, sonicwall:tz_400, sonicwall:tz_400w, sonicwall:tz_500, sonicwall:tz_500w, sonicwall:tz_600, sonicwall:tz_600p
Weaknesses (CWE)
CWE-284
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 (PSIRT@sonicwall.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.