CVE-2024-40766

CVSS 9.3 CRITICAL · EPSS 15.7% · KEV · CWE-284
In short

A flaw in SonicWall firewall management allows attackers to access restricted resources without proper authentication and, in certain cases, to crash the firewall. This affects multiple generations of SonicWall devices running older SonicOS versions.

Technical detail

An improper access control vulnerability in the SonicWall SonicOS management interface allows unauthenticated or insufficiently authenticated users to access protected resources. Under specific conditions, it can also crash the firewall, causing a denial of service. The vulnerability affects Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 or earlier.

Summary generated and translated by AI from the official description.
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected products
SonicWall · SonicOS
