CVE-2024-40766

Summary

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicOS5.9.2.14-12o and older versionsaffected
SonicWallSonicOS6.5.4.14-109n and older versionsaffected
SonicWallSonicOS7.0.1-5035 and older versionsaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References