CVE-2024-40766
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
In plain language
AI Act nowCVE-2024-40766 is a critical SonicWall firewall management security flaw that is already being exploited in the wild; if you run SonicWall SonicOS firewall management (especially Gen 5/6 or Gen 7 on SonicOS 7.0.1-5035 or older), you should act immediately.
What to do
- Contact your IT/security provider now and ask for an immediate firmware upgrade for SonicWall SonicOS to a fixed version that removes CVE-2024-40766 exposure (for Gen 5/6 and Gen 7 before/at 7.0.1-5035). 2) If you can’t upgrade right away, restrict/disable public access to SonicOS management from the internet and limit access to trusted admin IPs only. 3) Check whether your SonicWall models and SonicOS versions fall into the affected ranges and prioritize any matching devices first.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
References
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2024-40766 and every CVE in our database. Create a free account — no credit card required.
Create Free Account