CVE-2024-40766
SonicWall SonicOS Improper Access Control Vulnerability
CVSS
—
No CVSS
EPSS
15.6%
p96
KEV
YES
Sep 9, 2024
Exploit Today
79
0-100
Published: — · Last modified: —
Product
SonicWall / SonicOS
Vulnerability
SonicWall SonicOS Improper Access Control Vulnerability
Added to KEV
Sep 9, 2024
Remediate by
Sep 30, 2024
Known ransomware use
Yes
Summary description
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40766