CVE-2024-40766

Sept. 16, 2024, 7:48 p.m.

Tags

CWE-284
PSIRT@sonicwall.com
NVD-CWE-noinfo
2024-08-23
CVE-2024-40766

CVSS Score

9.8 / 10

Products Impacted

Vendor Product Versions
sonicwall
  • sonicos
  • soho
  • nssp_12400
  • nssp_12800
  • sm9800
  • nsa_2650
  • nsa_3600
  • nsa_3650
  • nsa_4600
  • nsa_4650
  • nsa_5600
  • nsa_5650
  • nsa_6600
  • nsa_6650
  • sm_9200
  • sm_9250
  • sm_9400
  • sm_9450
  • sm_9600
  • sm_9650
  • soho_250
  • soho_250w
  • sohow
  • tz_300
  • tz_300p
  • tz_300w
  • tz_350
  • tz_350w
  • tz_400
  • tz_400w
  • tz_500
  • tz_500w
  • tz_600
  • tz_600p
  • nsa_2700
  • nsa_3700
  • nsa_4700
  • nsa_5700
  • nsa_6700
  • nssp_10700
  • nssp_11700
  • nssp_13700
  • tz270
  • tz270w
  • tz370
  • tz370w
  • tz470
  • tz470w
  • tz570
  • tz570p
  • tz570w
  • tz670
  • *
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Description

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Weaknesses

CWE-284
Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE ID: 284

Date

Published: Aug. 23, 2024, 7:15 a.m.

Last Modified: Sept. 16, 2024, 7:48 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

PSIRT@sonicwall.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o sonicwall sonicos / / / / / / / /
h sonicwall soho - / / / / / / /
o sonicwall sonicos / / / / / / / /
h sonicwall nssp_12400 - / / / / / / /
h sonicwall nssp_12800 - / / / / / / /
h sonicwall sm9800 - / / / / / / /
o sonicwall sonicos / / / / / / / /
h sonicwall nsa_2650 - / / / / / / /
h sonicwall nsa_3600 - / / / / / / /
h sonicwall nsa_3650 - / / / / / / /
h sonicwall nsa_4600 - / / / / / / /
h sonicwall nsa_4650 - / / / / / / /
h sonicwall nsa_5600 - / / / / / / /
h sonicwall nsa_5650 - / / / / / / /
h sonicwall nsa_6600 - / / / / / / /
h sonicwall nsa_6650 - / / / / / / /
h sonicwall sm_9200 - / / / / / / /
h sonicwall sm_9250 - / / / / / / /
h sonicwall sm_9400 - / / / / / / /
h sonicwall sm_9450 - / / / / / / /
h sonicwall sm_9600 - / / / / / / /
h sonicwall sm_9650 - / / / / / / /
h sonicwall soho_250 - / / / / / / /
h sonicwall soho_250w - / / / / / / /
h sonicwall sohow - / / / / / / /
h sonicwall tz_300 - / / / / / / /
h sonicwall tz_300p - / / / / / / /
h sonicwall tz_300w - / / / / / / /
h sonicwall tz_350 - / / / / / / /
h sonicwall tz_350w - / / / / / / /
h sonicwall tz_400 - / / / / / / /
h sonicwall tz_400w - / / / / / / /
h sonicwall tz_500 - / / / / / / /
h sonicwall tz_500w - / / / / / / /
h sonicwall tz_600 - / / / / / / /
h sonicwall tz_600p - / / / / / / /
o sonicwall sonicos / / / / / / / /
h sonicwall nsa_2700 - / / / / / / /
h sonicwall nsa_3700 - / / / / / / /
h sonicwall nsa_4700 - / / / / / / /
h sonicwall nsa_5700 - / / / / / / /
h sonicwall nsa_6700 - / / / / / / /
h sonicwall nssp_10700 - / / / / / / /
h sonicwall nssp_11700 - / / / / / / /
h sonicwall nssp_13700 - / / / / / / /
h sonicwall tz270 - / / / / / / /
h sonicwall tz270w - / / / / / / /
h sonicwall tz370 - / / / / / / /
h sonicwall tz370w - / / / / / / /
h sonicwall tz470 - / / / / / / /
h sonicwall tz470w - / / / / / / /
h sonicwall tz570 - / / / / / / /
h sonicwall tz570p - / / / / / / /
h sonicwall tz570w - / / / / / / /
h sonicwall tz670 - / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
9.8
Exploitability Score
3.9
Impact Score
5.9
Base Severity
CRITICAL
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
PSIRT@sonicwall.com