CVE Tools

Description

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

In plain language

AI Act now

CVE-2024-40766 is a critical SonicWall firewall management security flaw that is already being exploited in the wild; if you run SonicWall SonicOS firewall management (especially Gen 5/6 or Gen 7 on SonicOS 7.0.1-5035 or older), you should act immediately.

What to do

  1. Contact your IT/security provider now and ask for an immediate firmware upgrade for SonicWall SonicOS to a fixed version that removes CVE-2024-40766 exposure (for Gen 5/6 and Gen 7 before/at 7.0.1-5035). 2) If you can’t upgrade right away, restrict/disable public access to SonicOS management from the internet and limit access to trusted admin IPs only. 3) Check whether your SonicWall models and SonicOS versions fall into the affected ranges and prioritize any matching devices first.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

and 1 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Sep 9, 2024
Remediation due:Sep 30, 2024
Ransomware:Known ransomware use

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Official Patch Available

References

and 1 more references View all →
2

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-40766 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows