CVE-2024-40766 — SonicWall SonicOS Improper Access Control Vulnerability

2024-09-09 • CISA Known Exploited Vulnerability

[event] SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

> AFFECTED SOFTWARE

Field	Value
Vendor	SonicWall
Product	SonicOS
CWE	CWE-284
CVE ID	CVE-2024-40766
Date Added	2024-09-09
Due Date	2024-09-30
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-09-30

> REFERENCES

[1] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
[2] https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-ss...
[3] https://nvd.nist.gov/vuln/detail/CVE-2024-40766