FKIE_CVE-2024-40766

Vulnerability from fkie_nvd - Published: 2024-08-23 07:15 - Updated: 2025-10-31 15:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
PSIRT@sonicwall.comhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766US Government Resource
Impacted products
Vendor Product Version
sonicwall sonicos *
sonicwall soho -
sonicwall sonicos *
sonicwall nssp_12400 -
sonicwall nssp_12800 -
sonicwall sm9800 -
sonicwall sonicos *
sonicwall nsa_2650 -
sonicwall nsa_3600 -
sonicwall nsa_3650 -
sonicwall nsa_4600 -
sonicwall nsa_4650 -
sonicwall nsa_5600 -
sonicwall nsa_5650 -
sonicwall nsa_6600 -
sonicwall nsa_6650 -
sonicwall sm_9200 -
sonicwall sm_9250 -
sonicwall sm_9400 -
sonicwall sm_9450 -
sonicwall sm_9600 -
sonicwall sm_9650 -
sonicwall soho_250 -
sonicwall soho_250w -
sonicwall sohow -
sonicwall tz_300 -
sonicwall tz_300p -
sonicwall tz_300w -
sonicwall tz_350 -
sonicwall tz_350w -
sonicwall tz_400 -
sonicwall tz_400w -
sonicwall tz_500 -
sonicwall tz_500w -
sonicwall tz_600 -
sonicwall tz_600p -
sonicwall sonicos *
sonicwall nsa_2700 -
sonicwall nsa_3700 -
sonicwall nsa_4700 -
sonicwall nsa_5700 -
sonicwall nsa_6700 -
sonicwall nssp_10700 -
sonicwall nssp_11700 -
sonicwall nssp_13700 -
sonicwall tz270 -
sonicwall tz270w -
sonicwall tz370 -
sonicwall tz370w -
sonicwall tz470 -
sonicwall tz470w -
sonicwall tz570 -
sonicwall tz570p -
sonicwall tz570w -
sonicwall tz670 -
To clipboard 

{
  "cisaActionDue": "2024-09-30",
  "cisaExploitAdd": "2024-09-09",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "SonicWall SonicOS Improper Access Control Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E20C47-F8DA-4313-B9AD-C63CEA9D42C5",
              "versionEndExcluding": "5.9.2.14-13o",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B16D102-B2BA-4F94-A42F-B8EB2E697907",
              "versionEndExcluding": "6.5.2.8-2n",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F22AB1-044C-45F1-BD33-82BB46402363",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62EAD79-2CD4-4479-B26A-A0C97B5B241A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBF16D6-4C60-440D-95AB-986ABC4F9100",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF",
              "versionEndExcluding": "6.5.4.15.116n",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF991212-3F2C-4F54-B96C-C33F500DB77B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34814AB8-5F1D-44B4-B53B-FC4FA794DDAA",
              "versionEndIncluding": "7.0.1-5035",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administraci\u00f3n de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones espec\u00edficas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, as\u00ed como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores."
    }
  ],
  "id": "CVE-2024-40766",
  "lastModified": "2025-10-31T15:56:26.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-23T07:15:03.643",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.