SonicWall SonicOS 7.0.1-5035 MM Access Control Vulnerability
CVE-2024-40766 Published on August 23, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Known Exploited Vulnerability
This SonicWall SonicOS Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
The following remediation steps are recommended / required by September 30, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-40766 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors in an automatable fashion. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a small impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-40766 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-40766
Want to know whenever a new CVE is published for SonicWall Sonicos? stack.watch will email you.
Affected Versions
SonicWall SonicOS:- Version 5.9.2.14-12o and older versions is affected.
- Version 6.5.4.14-109n and older versions is affected.
- Version 7.0.1-5035 and older versions is affected.
- Before and including 5.9.2.14-12o is affected.
- Before and including 6.5.4.14-109n is affected.
- Before and including 7.0.1-5035 is affected.
- Before and including 5.9.2.14-12o is affected.
- Before and including 6.5.4.14-109n is affected.
- Before and including 7.0.1-5035 is affected.
- Before and including 5.9.2.14-12o is affected.
- Before and including 6.5.4.14-109n is affected.
- Before and including 7.0.1-5035 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.