CVE-2024-40766
CRITICAL KEV RANSOMWARE
SonicWall - Improper Access Control
Title source: llm
Exploitation Summary
CVE-2024-40766 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 9, 2024, with confirmed use in ransomware campaigns.
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
Scores
CVSS v3: 9.8
EPSS: 0.0344
EPSS Percentile: 87.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: partial
Details
CISA KEV: 2024-09-09
VulnCheck KEV: 2024-04-23
InTheWild.io: 2024-09-09
ENISA EUVD: EUVD-2024-38613
Ransomware Use: Confirmed
CWE: CWE-284
Status: published
Products (1)
sonicwall/sonicos < 5.9.2.14-13o
Published: Aug 23, 2024
KEV Added: Sep 09, 2024
Tracked Since: Feb 18, 2026