Vulnerability-Lookup

CVE-2024-40766 (GCVE-0-2024-40766)

Vulnerability from cvelistv5 – Published: 2024-08-23 06:19 – Updated: 2025-10-21 22:55

CISA KEV

Summary

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Severity ?

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CWE

CWE-284 - Improper Access Control

Assigner

sonicwall

References

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SN…

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Affected: 5.9.2.14-12o and older versions Affected: 6.5.4.14-109n and older versions Affected: 7.0.1-5035 and older versions

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 01044f81-c94c-457c-ac75-a2864ed88968

Vulnerability ID: CVE-2024-40766

Status: Confirmed

Status Updated: 2024-09-09 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2024-09-09

Asserted: 2024-09-09

Scope

Notes: KEV entry: SonicWall SonicOS Improper Access Control Vulnerability | Affected: SonicWall / SonicOS | Description: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-30 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-284
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	SonicOS
Due Date	2024-09-30
Date Added	2024-09-09
Vendorproject	SonicWall
Vulnerabilityname	SonicWall SonicOS Improper Access Control Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2024-40766

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sonicos",
            "vendor": "sonicwall",
            "versions": [
              {
                "lessThanOrEqual": "5.9.2.14-12o",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.5.4.14-109n",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.1-5035",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sonicos",
            "vendor": "sonicwall",
            "versions": [
              {
                "lessThanOrEqual": "5.9.2.14-12o",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.5.4.14-109n",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.1-5035",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sonicos",
            "vendor": "sonicwall",
            "versions": [
              {
                "lessThanOrEqual": "5.9.2.14-12o",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.5.4.14-109n",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.1-5035",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 9.3,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40766",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:11:51.602153Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-09-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:46.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-09-09T00:00:00+00:00",
            "value": "CVE-2024-40766 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen5",
            "Gen6",
            "Gen7"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "5.9.2.14-12o and older versions"
            },
            {
              "status": "affected",
              "version": "6.5.4.14-109n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5035 and older versions"
            }
          ]
        }
      ],
      "datePublic": "2024-08-23T06:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
            }
          ],
          "value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-23T06:19:07.229Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
        }
      ],
      "source": {
        "advisory": "SNWLID-2024-0015",
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-40766",
    "datePublished": "2024-08-23T06:19:07.229Z",
    "dateReserved": "2024-07-10T15:58:49.462Z",
    "dateUpdated": "2025-10-21T22:55:46.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-40766",
      "cwes": "[\"CWE-284\"]",
      "dateAdded": "2024-09-09",
      "dueDate": "2024-09-30",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40766",
      "product": "SonicOS",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.",
      "vendorProject": "SonicWall",
      "vulnerabilityName": "SonicWall SonicOS Improper Access Control Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2024-09-30",
      "cisaExploitAdd": "2024-09-09",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "SonicWall SonicOS Improper Access Control Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.9.2.14-13o\", \"matchCriteriaId\": \"37E20C47-F8DA-4313-B9AD-C63CEA9D42C5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6B6B3FD-428E-4D6C-8C45-172CF4FB430D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.5.2.8-2n\", \"matchCriteriaId\": \"0B16D102-B2BA-4F94-A42F-B8EB2E697907\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2F22AB1-044C-45F1-BD33-82BB46402363\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E62EAD79-2CD4-4479-B26A-A0C97B5B241A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCBF16D6-4C60-440D-95AB-986ABC4F9100\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.5.4.15.116n\", \"matchCriteriaId\": \"CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A24BCC0-CE41-49AF-B03D-D4FCB422503B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"043858A6-26AC-4EB0-A240-A43AD08C6AD5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FD73880-DC60-467F-99B6-69807D58A840\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73BB9452-A014-4A68-9662-63E6C60EEAD2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0CF683A-7E83-464B-8A0D-4CC641377FA6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FAAEBB4-F180-4195-BA7F-591AB02EEDC9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEF2B435-957C-4BBE-937D-23E4F33189EF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CE4FE75-10AD-47D4-AF87-E4C294F89EA8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B485C543-DFCF-4481-92B4-F7198EE4FBD1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F030C5AB-36CA-445E-AC87-8DEE18DBB40E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E8F3935-89B4-4091-9B8C-442C02FD4F3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7268E89B-FF46-45AD-82FF-333505EF957B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0804FADE-57F7-452F-86B3-079701059D37\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9956F726-6D62-4616-B60A-4D3DD6F32105\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29F4D403-F20A-4802-AAE9-9582486EB436\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"675F28A7-0BB3-4CDA-855E-7EFC650B512E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF991212-3F2C-4F54-B96C-C33F500DB77B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5983C650-84F6-4B2E-A27E-9E83EA1DDC02\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDD4B412-7967-477F-929E-8F12A39186FF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1D996FA-52D1-47C2-87E6-682EEC9CA532\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9DEF6EE-000D-407D-AA2B-E039BA306A2A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCB8CDE6-8052-40F7-950F-05329499A58A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.0.1-5035\", \"matchCriteriaId\": \"34814AB8-5F1D-44B4-B53B-FC4FA794DDAA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D8B0C7A-FD65-47CA-A625-150A90EFA7A1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A69E000B-5806-46FD-A233-4E2CC9DD38D2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C15FED5-C48C-47CF-9645-0563D77883C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A884B1BB-F201-4C77-9F6E-B8A884DCD4C2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C3BA5A3-1160-4793-A8D6-40B9D264BCC4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6739DEA3-06FF-4FEB-9931-0DB27F63B70E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0250EDF9-0AEF-4711-8EF6-D447CF48BCAF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70340DD4-687B-402C-85AF-C2B80D0F1600\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52847BA2-470B-4078-A79B-52095DB9214B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9853AE3A-B0EA-4249-AA7D-1F2051C9BF91\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DBDD10C-F89D-4051-BC70-67B41167FF9B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C23940E-2F9D-447B-A740-42035ED5D400\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90C790AD-C40E-4527-8F83-D278282A9600\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"352DFCF9-E333-41C0-8033-91265768FD8E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C882C38-9DA5-4C03-BB23-AB2B448E3307\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administraci\\u00f3n de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones espec\\u00edficas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, as\\u00ed como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.\"}]",
      "id": "CVE-2024-40766",
      "lastModified": "2024-09-16T19:48:30.827",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.7}]}",
      "published": "2024-08-23T07:15:03.643",
      "references": "[{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015\", \"source\": \"PSIRT@sonicwall.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT@sonicwall.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"PSIRT@sonicwall.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-40766\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2024-08-23T07:15:03.643\",\"lastModified\":\"2025-10-31T15:56:26.010\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administraci\u00f3n de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones espec\u00edficas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, as\u00ed como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}]},\"cisaExploitAdd\":\"2024-09-09\",\"cisaActionDue\":\"2024-09-30\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"SonicWall SonicOS Improper Access Control Vulnerability\",\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.9.2.14-13o\",\"matchCriteriaId\":\"37E20C47-F8DA-4313-B9AD-C63CEA9D42C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B6B3FD-428E-4D6C-8C45-172CF4FB430D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5.2.8-2n\",\"matchCriteriaId\":\"0B16D102-B2BA-4F94-A42F-B8EB2E697907\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F22AB1-044C-45F1-BD33-82BB46402363\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E62EAD79-2CD4-4479-B26A-A0C97B5B241A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBF16D6-4C60-440D-95AB-986ABC4F9100\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5.4.15.116n\",\"matchCriteriaId\":\"CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A24BCC0-CE41-49AF-B03D-D4FCB422503B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"043858A6-26AC-4EB0-A240-A43AD08C6AD5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FD73880-DC60-467F-99B6-69807D58A840\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73BB9452-A014-4A68-9662-63E6C60EEAD2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0CF683A-7E83-464B-8A0D-4CC641377FA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FAAEBB4-F180-4195-BA7F-591AB02EEDC9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEF2B435-957C-4BBE-937D-23E4F33189EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CE4FE75-10AD-47D4-AF87-E4C294F89EA8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B485C543-DFCF-4481-92B4-F7198EE4FBD1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F030C5AB-36CA-445E-AC87-8DEE18DBB40E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8F3935-89B4-4091-9B8C-442C02FD4F3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7268E89B-FF46-45AD-82FF-333505EF957B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0804FADE-57F7-452F-86B3-079701059D37\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9956F726-6D62-4616-B60A-4D3DD6F32105\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F4D403-F20A-4802-AAE9-9582486EB436\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"675F28A7-0BB3-4CDA-855E-7EFC650B512E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF991212-3F2C-4F54-B96C-C33F500DB77B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5983C650-84F6-4B2E-A27E-9E83EA1DDC02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD4B412-7967-477F-929E-8F12A39186FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1D996FA-52D1-47C2-87E6-682EEC9CA532\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9DEF6EE-000D-407D-AA2B-E039BA306A2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB8CDE6-8052-40F7-950F-05329499A58A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.1-5035\",\"matchCriteriaId\":\"34814AB8-5F1D-44B4-B53B-FC4FA794DDAA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D8B0C7A-FD65-47CA-A625-150A90EFA7A1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69E000B-5806-46FD-A233-4E2CC9DD38D2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C15FED5-C48C-47CF-9645-0563D77883C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A884B1BB-F201-4C77-9F6E-B8A884DCD4C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C3BA5A3-1160-4793-A8D6-40B9D264BCC4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6739DEA3-06FF-4FEB-9931-0DB27F63B70E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0250EDF9-0AEF-4711-8EF6-D447CF48BCAF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70340DD4-687B-402C-85AF-C2B80D0F1600\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52847BA2-470B-4078-A79B-52095DB9214B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9853AE3A-B0EA-4249-AA7D-1F2051C9BF91\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBDD10C-F89D-4051-BC70-67B41167FF9B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C23940E-2F9D-447B-A740-42035ED5D400\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90C790AD-C40E-4527-8F83-D278282A9600\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"352DFCF9-E333-41C0-8033-91265768FD8E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C882C38-9DA5-4C03-BB23-AB2B448E3307\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unknown\", \"platforms\": [\"Gen5\", \"Gen6\", \"Gen7\"], \"product\": \"SonicOS\", \"vendor\": \"SonicWall\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.9.2.14-12o and older versions\"}, {\"status\": \"affected\", \"version\": \"6.5.4.14-109n and older versions\"}, {\"status\": \"affected\", \"version\": \"7.0.1-5035 and older versions\"}]}], \"datePublic\": \"2024-08-23T06:13:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.\"}], \"value\": \"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"44b2ff79-1416-4492-88bb-ed0da00c7315\", \"shortName\": \"sonicwall\", \"dateUpdated\": \"2024-08-23T06:19:07.229Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015\"}], \"source\": {\"advisory\": \"SNWLID-2024-0015\", \"discovery\": \"INTERNAL\"}, \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-40766\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-09T14:11:51.602153Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-09-09\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\"], \"vendor\": \"sonicwall\", \"product\": \"sonicos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9.2.14-12o\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.4.14-109n\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.0.1-5035\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\"], \"vendor\": \"sonicwall\", \"product\": \"sonicos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9.2.14-12o\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.4.14-109n\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.0.1-5035\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\"], \"vendor\": \"sonicwall\", \"product\": \"sonicos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.9.2.14-12o\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.5.4.14-109n\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.0.1-5035\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-23T14:10:19.974Z\"}, \"timeline\": [{\"time\": \"2024-09-09T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-40766 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-40766\", \"assignerOrgId\": \"44b2ff79-1416-4492-88bb-ed0da00c7315\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"sonicwall\", \"dateReserved\": \"2024-07-10T15:58:49.462Z\", \"datePublished\": \"2024-08-23T06:19:07.229Z\", \"dateUpdated\": \"2025-10-21T19:44:24.367Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0712

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Sonicwall. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Sonicwall	N/A	Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions antérieures à 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions antérieures à 6.5.4.15.116n pour les autres références
Sonicwall	N/A	SOHO (Gen 5) versions antérieures à 5.9.2.14-13o
Sonicwall	N/A	Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions antérieures ou égales à 7.0.1-5035

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2024-0015

2024-08-22

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250,\nSM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions ant\u00e9rieures \u00e0 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions ant\u00e9rieures \u00e0 6.5.4.15.116n pour les autres r\u00e9f\u00e9rences",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SOHO (Gen 5) versions ant\u00e9rieures \u00e0 5.9.2.14-13o",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions ant\u00e9rieures  ou \u00e9gales \u00e0 7.0.1-5035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-40766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40766"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0712",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-23T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2024-40766.",
      "revision_date": "2024-09-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Sonicwall. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Sonicwall",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0015",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    }
  ]
}

CERTFR-2024-AVI-0712

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Sonicwall	N/A	Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions antérieures à 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions antérieures à 6.5.4.15.116n pour les autres références
Sonicwall	N/A	SOHO (Gen 5) versions antérieures à 5.9.2.14-13o
Sonicwall	N/A	Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions antérieures ou égales à 7.0.1-5035

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2024-0015

2024-08-22

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250,\nSM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions ant\u00e9rieures \u00e0 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions ant\u00e9rieures \u00e0 6.5.4.15.116n pour les autres r\u00e9f\u00e9rences",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SOHO (Gen 5) versions ant\u00e9rieures \u00e0 5.9.2.14-13o",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions ant\u00e9rieures  ou \u00e9gales \u00e0 7.0.1-5035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-40766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40766"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0712",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-23T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2024-40766.",
      "revision_date": "2024-09-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Sonicwall. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Sonicwall",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0015",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    }
  ]
}

CERTFR-2024-ALE-011

Vulnerability from certfr_alerte - Published: - Updated:

Le 22 août 2024, Sonicwall a publié un correctif concernant la vulnérabilité critique CVE-2024-40766 affectant les pare-feux Sonicwall génération 5, 6 et 7. Cette vulnérabilité, de type contrôle d'accès défaillant, permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Le 6 septembre 2024, l'éditeur complète son avis en précisant que la fonctionnalité SSLVPN est également affectée. De plus, Sonicwall indique que la vulnérabilité CVE-2024-40766 est potentiellement activement exploitée dans le cadre d'attaques ciblées.

Le CERT-FR recommande fortement de suivre les préconisations de l'éditeur :

mettre à jour les mots de passe des utilisateurs de SSLVPN qui ont des comptes gérés localement pour renforcer la sécurité et empêcher les accès non autorisés ;
activer l'authentification à plusieurs facteurs des utilisateurs de SSLVPN.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Sonicwall	SonicOS	Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions antérieures ou égales à 7.0.1-5035
Sonicwall	SonicOS	SOHO (Gen 5) versions antérieures à 5.9.2.14-13o
Sonicwall	SonicOS	Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions antérieures à 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions antérieures à 6.5.4.15.116n pour les autres références

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2024-0015	2024-08-22	vendor-advisory
Avis de sécurité CERT-FR CERTFR-2024-AVI-0712	2024-08-23	vendor-advisory
Configuration du système SonicWall SonicOS 6.5	-	other
Comment configurer l'authentification à plusieurs facteurs pour SSLVPN avec TOTP	-	other
Guide d'administration SonicOS 5.9	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions ant\u00e9rieures  ou \u00e9gales \u00e0 7.0.1-5035",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SOHO (Gen 5) versions ant\u00e9rieures \u00e0 5.9.2.14-13o",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions ant\u00e9rieures \u00e0 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions ant\u00e9rieures \u00e0 6.5.4.15.116n pour les autres r\u00e9f\u00e9rences",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2024-11-21",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-40766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40766"
    }
  ],
  "links": [
    {
      "title": "Configuration du syst\u00e8me SonicWall SonicOS 6.5",
      "url": "https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-system-setup.pdf"
    },
    {
      "title": "Comment configurer l\u0027authentification \u00e0 plusieurs facteurs pour SSLVPN avec TOTP",
      "url": "https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-totp/190829123329169"
    },
    {
      "title": "Guide d\u0027administration SonicOS 5.9",
      "url": "https://www.sonicwall.com/techdocs/pdf/sonicos-5-9-admin-guide.pdf"
    }
  ],
  "reference": "CERTFR-2024-ALE-011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2024-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Le 22 ao\u00fbt 2024, Sonicwall a publi\u00e9 un correctif concernant la vuln\u00e9rabilit\u00e9 critique CVE-2024-40766 affectant les pare-feux Sonicwall g\u00e9n\u00e9ration 5, 6 et 7.\nCette vuln\u00e9rabilit\u00e9, de type contr\u00f4le d\u0027acc\u00e8s d\u00e9faillant, permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\u003cbr/\u003e\nLe 6 septembre 2024, l\u0027\u00e9diteur compl\u00e8te son avis en pr\u00e9cisant que la fonctionnalit\u00e9 SSLVPN est \u00e9galement affect\u00e9e. De plus, Sonicwall indique que la vuln\u00e9rabilit\u00e9 CVE-2024-40766 est potentiellement activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\u003cbr/\u003e\n\nLe CERT-FR recommande fortement de suivre les pr\u00e9conisations de l\u0027\u00e9diteur :\n\n* mettre \u00e0 jour les mots de passe des utilisateurs de SSLVPN qui ont des comptes g\u00e9r\u00e9s localement pour renforcer la s\u00e9curit\u00e9 et emp\u00eacher les acc\u00e8s non autoris\u00e9s ;\n* activer l\u0027authentification \u00e0 plusieurs facteurs des utilisateurs de SSLVPN.",
  "title": "Vuln\u00e9rabilit\u00e9 dans SonicWall",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0015",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    },
    {
      "published_at": "2024-08-23",
      "title": "Avis de s\u00e9curit\u00e9 CERT-FR CERTFR-2024-AVI-0712",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0712/"
    }
  ]
}

CERTFR-2024-ALE-011

Vulnerability from certfr_alerte - Published: - Updated:

Le CERT-FR recommande fortement de suivre les préconisations de l'éditeur :

mettre à jour les mots de passe des utilisateurs de SSLVPN qui ont des comptes gérés localement pour renforcer la sécurité et empêcher les accès non autorisés ;
activer l'authentification à plusieurs facteurs des utilisateurs de SSLVPN.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Sonicwall	SonicOS	Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions antérieures ou égales à 7.0.1-5035
Sonicwall	SonicOS	SOHO (Gen 5) versions antérieures à 5.9.2.14-13o
Sonicwall	SonicOS	Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions antérieures à 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions antérieures à 6.5.4.15.116n pour les autres références

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2024-0015	2024-08-22	vendor-advisory
Avis de sécurité CERT-FR CERTFR-2024-AVI-0712	2024-08-23	vendor-advisory
Configuration du système SonicWall SonicOS 6.5	-	other
Comment configurer l'authentification à plusieurs facteurs pour SSLVPN avec TOTP	-	other
Guide d'administration SonicOS 5.9	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions ant\u00e9rieures  ou \u00e9gales \u00e0 7.0.1-5035",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SOHO (Gen 5) versions ant\u00e9rieures \u00e0 5.9.2.14-13o",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions ant\u00e9rieures \u00e0 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions ant\u00e9rieures \u00e0 6.5.4.15.116n pour les autres r\u00e9f\u00e9rences",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2024-11-21",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-40766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40766"
    }
  ],
  "links": [
    {
      "title": "Configuration du syst\u00e8me SonicWall SonicOS 6.5",
      "url": "https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-system-setup.pdf"
    },
    {
      "title": "Comment configurer l\u0027authentification \u00e0 plusieurs facteurs pour SSLVPN avec TOTP",
      "url": "https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-totp/190829123329169"
    },
    {
      "title": "Guide d\u0027administration SonicOS 5.9",
      "url": "https://www.sonicwall.com/techdocs/pdf/sonicos-5-9-admin-guide.pdf"
    }
  ],
  "reference": "CERTFR-2024-ALE-011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2024-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Le 22 ao\u00fbt 2024, Sonicwall a publi\u00e9 un correctif concernant la vuln\u00e9rabilit\u00e9 critique CVE-2024-40766 affectant les pare-feux Sonicwall g\u00e9n\u00e9ration 5, 6 et 7.\nCette vuln\u00e9rabilit\u00e9, de type contr\u00f4le d\u0027acc\u00e8s d\u00e9faillant, permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\u003cbr/\u003e\nLe 6 septembre 2024, l\u0027\u00e9diteur compl\u00e8te son avis en pr\u00e9cisant que la fonctionnalit\u00e9 SSLVPN est \u00e9galement affect\u00e9e. De plus, Sonicwall indique que la vuln\u00e9rabilit\u00e9 CVE-2024-40766 est potentiellement activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\u003cbr/\u003e\n\nLe CERT-FR recommande fortement de suivre les pr\u00e9conisations de l\u0027\u00e9diteur :\n\n* mettre \u00e0 jour les mots de passe des utilisateurs de SSLVPN qui ont des comptes g\u00e9r\u00e9s localement pour renforcer la s\u00e9curit\u00e9 et emp\u00eacher les acc\u00e8s non autoris\u00e9s ;\n* activer l\u0027authentification \u00e0 plusieurs facteurs des utilisateurs de SSLVPN.",
  "title": "Vuln\u00e9rabilit\u00e9 dans SonicWall",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0015",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    },
    {
      "published_at": "2024-08-23",
      "title": "Avis de s\u00e9curit\u00e9 CERT-FR CERTFR-2024-AVI-0712",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0712/"
    }
  ]
}

GHSA-8736-PR6R-R9HR

Vulnerability from github – Published: 2024-08-23 09:30 – Updated: 2025-10-22 00:33

Details

Severity ?

9.3 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-40766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-23T07:15:03Z",
    "severity": "CRITICAL"
  },
  "details": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.",
  "id": "GHSA-8736-pr6r-r9hr",
  "modified": "2025-10-22T00:33:05Z",
  "published": "2024-08-23T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40766"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2024-1906

Vulnerability from csaf_certbund - Published: 2024-08-22 22:00 - Updated: 2024-09-10 22:00

Summary

SonicWall SonicOS: Schwachstelle ermöglicht Offenlegung von Informationen und Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

SonicOS ist das Betriebssystem von SonicWall Firewall-Produkten.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in SonicWall SonicOS ausnutzen, um Informationen offenzulegen und um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- BIOS/Firmware - Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "SonicOS ist das Betriebssystem von SonicWall Firewall-Produkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in SonicWall SonicOS ausnutzen, um Informationen offenzulegen und um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware\n- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1906 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1906.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1906 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1906"
      },
      {
        "category": "external",
        "summary": "SonicWall Security Advisory vom 2024-08-22",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
      },
      {
        "category": "external",
        "summary": "SecurityOnline.info vom 2024-09-05",
        "url": "https://securityonline.info/sonicwall-confirms-critical-cve-2024-40766-vulnerability-actively-exploited-in-the-wild/"
      }
    ],
    "source_lang": "en-US",
    "title": "SonicWall SonicOS: Schwachstelle erm\u00f6glicht Offenlegung von Informationen und Denial of Service",
    "tracking": {
      "current_release_date": "2024-09-10T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-11T11:38:47.168+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-1906",
      "initial_release_date": "2024-08-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "2",
          "summary": "Aktive Ausnutzung gemeldet"
        },
        {
          "date": "2024-09-08T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVSS Score angepasst"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Korrektur Produktversion"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.9.2.14-13o",
                "product": {
                  "name": "SonicWall SonicOS \u003c5.9.2.14-13o",
                  "product_id": "T037030"
                }
              },
              {
                "category": "product_version",
                "name": "5.9.2.14-13o",
                "product": {
                  "name": "SonicWall SonicOS 5.9.2.14-13o",
                  "product_id": "T037030-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:5.9.2.14-13o"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.5.2.8-2n",
                "product": {
                  "name": "SonicWall SonicOS \u003c6.5.2.8-2n",
                  "product_id": "T037031"
                }
              },
              {
                "category": "product_version",
                "name": "6.5.2.8-2n",
                "product": {
                  "name": "SonicWall SonicOS 6.5.2.8-2n",
                  "product_id": "T037031-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:6.5.2.8-2n"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.5.4.15.116n",
                "product": {
                  "name": "SonicWall SonicOS \u003c6.5.4.15.116n",
                  "product_id": "T037032"
                }
              },
              {
                "category": "product_version",
                "name": "6.5.4.15.116n",
                "product": {
                  "name": "SonicWall SonicOS 6.5.4.15.116n",
                  "product_id": "T037032-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:6.5.4.15.116n"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.0.1-5035",
                "product": {
                  "name": "SonicWall SonicOS \u003c=7.0.1-5035",
                  "product_id": "T037033"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.0.1-5035",
                "product": {
                  "name": "SonicWall SonicOS \u003c=7.0.1-5035",
                  "product_id": "T037033-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "SonicOS"
          }
        ],
        "category": "vendor",
        "name": "SonicWall"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-40766",
      "notes": [
        {
          "category": "description",
          "text": "In SonicWall SonicOS gibt es eine Schwachstelle, verursacht durch eine unsachgem\u00e4\u00dfe Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um \u00fcber einen nicht autorisierten Ressourcenzugriff Informationen offenzulegen und m\u00f6glicherweise einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037030",
          "T037031",
          "T037032"
        ],
        "last_affected": [
          "T037033"
        ]
      },
      "release_date": "2024-08-22T22:00:00.000+00:00",
      "title": "CVE-2024-40766"
    }
  ]
}

NCSC-2024-0353

Vulnerability from csaf_ncscnl - Published: 2024-08-27 12:45 - Updated: 2024-09-10 12:34

Summary

Kwetsbaarheid verholpen in Sonicwall SonicOS

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Sonicwall heeft een kwetsbaarheid verholpen in SonicOS voor Gen5, Gen6 en Gen7 firewalls.

Interpretaties

De kwetsbaarheid bevindt zich in de management interface en de SSLVPN en stelt een kwaadwillende in staat om een Denial-of-Service te veroorzaken en mogelijk toegang te krijgen tot systeemgegevens en deze aan te passen. Van betrouwbare partners ontvangt het NCSC signalen dat ransomware groepen zich al langere tijd specifiek concentreren op kwetsbaarheden in SonicOS-systemen en dat deze kwetsbaarheid misbruikt lijkt te worden om toegang te krijgen tot de infrastructuur en ransomware uit te rollen. Indicaties geven aan dat de kwetsbaarheid wordt misbruikt via de SSLVPN, waarbij met name lokale accounts worden gecompromitteerd, indien tweefactor-authenticatie (MFA) niet in gebruik is.

Oplossingen

Sonicwall heeft updates uitgebracht voor de getroffen systemen om de kwetsbaarheid te verhelpen. Ook adviseert Sonicwall om toegang tot de management interface en de SSLVPN te beperken tot vertrouwde infrastructuren en accounts te voorzien van Tweefactor-authenticatie. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-284

Improper Access Control

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Sonicwall heeft een kwetsbaarheid verholpen in SonicOS voor Gen5, Gen6 en Gen7 firewalls.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid bevindt zich in de management interface en de SSLVPN en stelt een kwaadwillende in staat om een Denial-of-Service te veroorzaken en mogelijk toegang te krijgen tot systeemgegevens en deze aan te passen.\n\nVan betrouwbare partners ontvangt het NCSC signalen dat ransomware groepen zich al langere tijd specifiek concentreren op kwetsbaarheden in SonicOS-systemen en dat deze kwetsbaarheid misbruikt lijkt te worden om toegang te krijgen tot de infrastructuur en ransomware uit te rollen. Indicaties geven aan dat de kwetsbaarheid wordt misbruikt via de SSLVPN, waarbij met name lokale accounts worden gecompromitteerd, indien tweefactor-authenticatie (MFA) niet in gebruik is.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Sonicwall heeft updates uitgebracht voor de getroffen systemen om de kwetsbaarheid te verhelpen. Ook adviseert Sonicwall om toegang tot de management interface en de SSLVPN te beperken tot vertrouwde infrastructuren en accounts te voorzien van Tweefactor-authenticatie.\nZie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - certbundde; cisagov; cveprojectv5; hkcert; nvd",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
      }
    ],
    "title": "Kwetsbaarheid verholpen in Sonicwall SonicOS",
    "tracking": {
      "current_release_date": "2024-09-10T12:34:18.650826Z",
      "id": "NCSC-2024-0353",
      "initial_release_date": "2024-08-27T12:45:37.679365Z",
      "revision_history": [
        {
          "date": "2024-08-27T12:45:37.679365Z",
          "number": "0",
          "summary": "Initiele versie"
        },
        {
          "date": "2024-08-29T09:25:42.054272Z",
          "number": "1",
          "summary": "Het NCSC ontvangt signalen dat ransomware actoren misbruik lijken te maken van deze kwetsbaarheid."
        },
        {
          "date": "2024-09-10T12:34:18.650826Z",
          "number": "2",
          "summary": "Nieuwe informatie maakt bekend dat de kwetsbaarheid ook via de SSLVPN is te misbruiken."
        }
      ],
      "status": "final",
      "version": "1.0.2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622292",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicos:5.9.2.14-12o_and_older_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622243",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicos:5.9.2.14-12o:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622293",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicos:6.5.4.14-109n_and_older_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicos:6.5.4.14-109n:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622294",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicos:7.0.1-5035_and_older_versions:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622241",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicos:7.0.1-5035:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicwall_sonicos__5.9.2.14-13o",
            "product": {
              "name": "sonicwall_sonicos__5.9.2.14-13o",
              "product_id": "CSAFPID-1622527",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicwall_sonicos__5.9.2.14-13o:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicwall_sonicos__6.5.2.8-2n",
            "product": {
              "name": "sonicwall_sonicos__6.5.2.8-2n",
              "product_id": "CSAFPID-1622528",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicwall_sonicos__6.5.2.8-2n:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicwall_sonicos__6.5.4.15.116n",
            "product": {
              "name": "sonicwall_sonicos__6.5.4.15.116n",
              "product_id": "CSAFPID-1622529",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicwall_sonicos__6.5.4.15.116n:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicwall_sonicos__7.0.1-5035",
            "product": {
              "name": "sonicwall_sonicos__7.0.1-5035",
              "product_id": "CSAFPID-1622530",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:sonicwall:sonicwall_sonicos__7.0.1-5035:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622900",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:sonicwall:sonicos:5.9.2.14-12o:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622901",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:sonicwall:sonicos:6.5.4.14-109n:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sonicos",
            "product": {
              "name": "sonicos",
              "product_id": "CSAFPID-1622899",
              "product_identification_helper": {
                "cpe": "cpe:2.3:o:sonicwall:sonicos:7.0.1-5035:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "sonicwall"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-40766",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1622292",
          "CSAFPID-1622293",
          "CSAFPID-1622294",
          "CSAFPID-1622527",
          "CSAFPID-1622528",
          "CSAFPID-1622529",
          "CSAFPID-1622530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-40766",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40766.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1622292",
            "CSAFPID-1622293",
            "CSAFPID-1622294",
            "CSAFPID-1622527",
            "CSAFPID-1622528",
            "CSAFPID-1622529",
            "CSAFPID-1622530"
          ]
        }
      ],
      "title": "CVE-2024-40766"
    }
  ]
}

FKIE_CVE-2024-40766

Vulnerability from fkie_nvd - Published: 2024-08-23 07:15 - Updated: 2025-10-31 15:56

CISA KEV

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Summary

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766	US Government Resource

Impacted products

Vendor	Product	Version
sonicwall	sonicos	*
sonicwall	soho	-
sonicwall	sonicos	*
sonicwall	nssp_12400	-
sonicwall	nssp_12800	-
sonicwall	sm9800	-
sonicwall	sonicos	*
sonicwall	nsa_2650	-
sonicwall	nsa_3600	-
sonicwall	nsa_3650	-
sonicwall	nsa_4600	-
sonicwall	nsa_4650	-
sonicwall	nsa_5600	-
sonicwall	nsa_5650	-
sonicwall	nsa_6600	-
sonicwall	nsa_6650	-
sonicwall	sm_9200	-
sonicwall	sm_9250	-
sonicwall	sm_9400	-
sonicwall	sm_9450	-
sonicwall	sm_9600	-
sonicwall	sm_9650	-
sonicwall	soho_250	-
sonicwall	soho_250w	-
sonicwall	sohow	-
sonicwall	tz_300	-
sonicwall	tz_300p	-
sonicwall	tz_300w	-
sonicwall	tz_350	-
sonicwall	tz_350w	-
sonicwall	tz_400	-
sonicwall	tz_400w	-
sonicwall	tz_500	-
sonicwall	tz_500w	-
sonicwall	tz_600	-
sonicwall	tz_600p	-
sonicwall	sonicos	*
sonicwall	nsa_2700	-
sonicwall	nsa_3700	-
sonicwall	nsa_4700	-
sonicwall	nsa_5700	-
sonicwall	nsa_6700	-
sonicwall	nssp_10700	-
sonicwall	nssp_11700	-
sonicwall	nssp_13700	-
sonicwall	tz270	-
sonicwall	tz270w	-
sonicwall	tz370	-
sonicwall	tz370w	-
sonicwall	tz470	-
sonicwall	tz470w	-
sonicwall	tz570	-
sonicwall	tz570p	-
sonicwall	tz570w	-
sonicwall	tz670	-

JSON

To clipboard

{
  "cisaActionDue": "2024-09-30",
  "cisaExploitAdd": "2024-09-09",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "SonicWall SonicOS Improper Access Control Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E20C47-F8DA-4313-B9AD-C63CEA9D42C5",
              "versionEndExcluding": "5.9.2.14-13o",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B16D102-B2BA-4F94-A42F-B8EB2E697907",
              "versionEndExcluding": "6.5.2.8-2n",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F22AB1-044C-45F1-BD33-82BB46402363",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62EAD79-2CD4-4479-B26A-A0C97B5B241A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBF16D6-4C60-440D-95AB-986ABC4F9100",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF",
              "versionEndExcluding": "6.5.4.15.116n",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF991212-3F2C-4F54-B96C-C33F500DB77B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34814AB8-5F1D-44B4-B53B-FC4FA794DDAA",
              "versionEndIncluding": "7.0.1-5035",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administraci\u00f3n de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones espec\u00edficas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, as\u00ed como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores."
    }
  ],
  "id": "CVE-2024-40766",
  "lastModified": "2025-10-31T15:56:26.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-23T07:15:03.643",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-40766 (GCVE-0-2024-40766)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solutions

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature