Vulnerability Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SonicWall | SonicOS | < 5.9.2.14-13o |
| SonicWall | SOHO | - |
| SonicWall | NSsp 12400 | - |
| SonicWall | NSsp 12800 | - |
| SonicWall | SM9800 | - |
| SonicWall | NSA 2650 | - |
| SonicWall | NSA 3600 | - |
| SonicWall | NSA 3650 | - |
| SonicWall | NSA 4600 | - |
| SonicWall | NSA 4650 | - |
| SonicWall | NSA 5600 | - |
| SonicWall | NSA 5650 | - |
| SonicWall | NSA 6600 | - |
| SonicWall | NSA 6650 | - |
| SonicWall | SM 9200 | - |
| SonicWall | SM 9250 | - |
| SonicWall | SM 9400 | - |
| SonicWall | SM 9450 | - |
| SonicWall | SM 9600 | - |
| SonicWall | SM 9650 | - |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024- (US Government Resource)
FAQ
What is CVE-2024-40766?
CVE-2024-40766 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the fir...
How severe is CVE-2024-40766?
CVE-2024-40766 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-40766?
Check the references section above for vendor advisories and patch information. Affected products include: SonicWall SonicOS, SonicWall SOHO, SonicWall NSsp 12400, SonicWall NSsp 12800, SonicWall SM9800.