CVE-2024-40766

CRITICAL CISA KEV EPSS 96.4%

Published Aug 23, 20241y ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Find Similar

Published Aug 23, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Sep 9, 2024 1y ago

KEV Due Sep 30, 2024 638d overdue

Description

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

CISA Known Exploited Overdue 638d

Added: Sep 9, 2024
Due: Sep 30, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

96.4% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

Weaknesses 1

CWE-284

Affected Products 55

Vendor	Product	Version	Range
sonicwall	sonicos	*	<5.9.2.14-13o
sonicwall	soho	*	any
sonicwall	sonicos	*	<6.5.2.8-2n
sonicwall	nssp_12400	*	any
sonicwall	nssp_12800	*	any
sonicwall	sm9800	*	any
sonicwall	sonicos	*	<6.5.4.15.116n
sonicwall	nsa_2650	*	any
sonicwall	nsa_3600	*	any
sonicwall	nsa_3650	*	any
sonicwall	nsa_4600	*	any
sonicwall	nsa_4650	*	any
sonicwall	nsa_5600	*	any
sonicwall	nsa_5650	*	any
sonicwall	nsa_6600	*	any
sonicwall	nsa_6650	*	any
sonicwall	sm_9200	*	any
sonicwall	sm_9250	*	any
sonicwall	sm_9400	*	any
sonicwall	sm_9450	*	any
sonicwall	sm_9600	*	any
sonicwall	sm_9650	*	any
sonicwall	soho_250	*	any
sonicwall	soho_250w	*	any
sonicwall	sohow	*	any
sonicwall	tz_300	*	any
sonicwall	tz_300p	*	any
sonicwall	tz_300w	*	any
sonicwall	tz_350	*	any
sonicwall	tz_350w	*	any
sonicwall	tz_400	*	any
sonicwall	tz_400w	*	any
sonicwall	tz_500	*	any
sonicwall	tz_500w	*	any
sonicwall	tz_600	*	any
sonicwall	tz_600p	*	any
sonicwall	sonicos	*	≤7.0.1-5035
sonicwall	nsa_2700	*	any
sonicwall	nsa_3700	*	any
sonicwall	nsa_4700	*	any
sonicwall	nsa_5700	*	any
sonicwall	nsa_6700	*	any
sonicwall	nssp_10700	*	any
sonicwall	nssp_11700	*	any
sonicwall	nssp_13700	*	any
sonicwall	tz270	*	any
sonicwall	tz270w	*	any
sonicwall	tz370	*	any
sonicwall	tz370w	*	any
sonicwall	tz470	*	any
sonicwall	tz470w	*	any
sonicwall	tz570	*	any
sonicwall	tz570p	*	any
sonicwall	tz570w	*	any
sonicwall	tz670	*	any

References 2

psirt.global.sonicwall.com https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Vendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766

US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.