CVE-2024-40766

CRITICAL KEV RANSOMWARE

SonicWall - Improper Access Control

Title source: llm

Description

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Scores

CVSS v3 9.8
EPSS 0.0353
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-09-09
VulnCheck KEV 2024-04-23
InTheWild.io 2024-09-09
ENISA EUVD EUVD-2024-38613
Ransomware Use Confirmed
CWE CWE-284
Status published
Products (1)
sonicwall/sonicos < 5.9.2.14-13o
Published Aug 23, 2024
KEV Added Sep 09, 2024
Tracked Since Feb 18, 2026