CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nssp_12400:-:::::::*
	cpe:2.3:h:sonicwall:nssp_12800:-:::::::*
	cpe:2.3:h:sonicwall:sm9800:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_350w:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

History

11 Sep 2024, 11:14

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.3~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:h:sonicwall:nsa_2650:-:::::::* cpe:2.3:h:sonicwall:soho:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:nsa_3650:-:::::::* cpe:2.3:h:sonicwall:nsa_6650:-:::::::* cpe:2.3:h:sonicwall:tz_500:-:::::::* cpe:2.3:h:sonicwall:sohow:-:::::::* cpe:2.3:h:sonicwall:tz_350w:-:::::::* cpe:2.3:h:sonicwall:nssp_12800:-:::::::* cpe:2.3:h:sonicwall:tz_300w:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:nsa_5600:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:sm9800:-:::::::* cpe:2.3:h:sonicwall:nsa_3600:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:sm_9250:-:::::::* cpe:2.3:h:sonicwall:tz_600:-:::::::* cpe:2.3:h:sonicwall:nsa_6600:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:tz_300p:-:::::::* cpe:2.3:h:sonicwall:nssp_12400:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:tz_400:-:::::::* cpe:2.3:h:sonicwall:soho_250w:-:::::::* cpe:2.3:h:sonicwall:tz_500w:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:soho_250:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:sm_9600:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:sm_9400:-:::::::* cpe:2.3:h:sonicwall:sm_9450:-:::::::* cpe:2.3:h:sonicwall:sm_9650:-:::::::* cpe:2.3:h:sonicwall:sm_9200:-:::::::* cpe:2.3:h:sonicwall:tz_400w:-:::::::* cpe:2.3:h:sonicwall:nsa_4650:-:::::::* cpe:2.3:h:sonicwall:tz_600p:-:::::::* cpe:2.3:h:sonicwall:nsa_4600:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:nsa_5650:-:::::::* cpe:2.3:o:sonicwall:sonicos:::::::: cpe:2.3:h:sonicwall:tz_350:-:::::::* cpe:2.3:h:sonicwall:tz_300:-:::::::*
CWE		NVD-CWE-noinfo
First Time		Sonicwall tz470w Sonicwall nsa 4700 Sonicwall nsa 4600 Sonicwall sm 9250 Sonicwall tz 300 Sonicwall sonicos Sonicwall tz 600 Sonicwall tz 300w Sonicwall nsa 3600 Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall sm 9450 Sonicwall tz670 Sonicwall tz370w Sonicwall tz 400w Sonicwall sm 9650 Sonicwall Sonicwall nssp 12800 Sonicwall tz 350 Sonicwall tz 500w Sonicwall nsa 4650 Sonicwall tz470 Sonicwall tz270 Sonicwall nsa 3650 Sonicwall nsa 6650 Sonicwall tz370 Sonicwall nsa 5600 Sonicwall sm 9200 Sonicwall nssp 10700 Sonicwall tz570p Sonicwall nsa 6600 Sonicwall tz 300p Sonicwall tz 600p Sonicwall nssp 11700 Sonicwall nssp 12400 Sonicwall sm 9600 Sonicwall tz 500 Sonicwall nsa 3700 Sonicwall sohow Sonicwall nsa 6700 Sonicwall soho 250w Sonicwall sm9800 Sonicwall tz270w Sonicwall tz 400 Sonicwall sm 9400 Sonicwall nsa 5650 Sonicwall tz 350w Sonicwall soho 250 Sonicwall tz570 Sonicwall tz570w Sonicwall soho Sonicwall nsa 5700 Sonicwall nssp 13700
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 - Vendor Advisory

06 Sep 2024, 17:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.3

23 Aug 2024, 16:18

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administración de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones específicas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, así como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.

23 Aug 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-23 07:15

Updated : 2024-09-16 19:48

NVD link : CVE-2024-40766

Mitre link : CVE-2024-40766

CVE.ORG link : CVE-2024-40766

JSON object : View

Products Affected

sonicwall

sm9800
nsa_2650
sohow
nsa_3600
tz_300w
nsa_5600
tz570w
soho_250
sm_9200
tz_350w
tz_600
nssp_11700
nssp_12800
nsa_5700
tz370w
tz570p
sm_9600
nssp_10700
tz470w
soho_250w
tz570
nsa_2700
tz270
nsa_6650
tz_400
tz370
tz_500w
tz270w
nsa_6700
tz_400w
tz_300
nsa_3700
nssp_12400
nsa_3650
nssp_13700
tz_300p
nsa_4650
sm_9450
tz_500
soho
sm_9650
nsa_6600
nsa_5650
tz_350
tz_600p
tz670
sm_9250
nsa_4600
sonicos
nsa_4700
sm_9400
tz470

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2024-40766

9.8^/10

Attach tags to `CVE-2024-40766`