CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nssp_12400:-:::::::*
	cpe:2.3:h:sonicwall:nssp_12800:-:::::::*
	cpe:2.3:h:sonicwall:sm9800:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_350w:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

History

11 Sep 2024, 11:14

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~9.3~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:sm_9650:-:::::::* cpe:2.3:h:sonicwall:sm_9200:-:::::::* cpe:2.3:h:sonicwall:tz_300:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:nsa_6650:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:tz_500:-:::::::* cpe:2.3:h:sonicwall:soho_250:-:::::::* cpe:2.3:h:sonicwall:tz_300p:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:soho_250w:-:::::::* cpe:2.3:h:sonicwall:sohow:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:nssp_12400:-:::::::* cpe:2.3:h:sonicwall:nsa_2650:-:::::::* cpe:2.3:h:sonicwall:tz_400w:-:::::::* cpe:2.3:h:sonicwall:tz_500w:-:::::::* cpe:2.3:h:sonicwall:tz_600:-:::::::* cpe:2.3:h:sonicwall:nsa_5650:-:::::::* cpe:2.3:h:sonicwall:nsa_6600:-:::::::* cpe:2.3:h:sonicwall:tz_350w:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:nsa_4600:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:sm_9400:-:::::::* cpe:2.3:h:sonicwall:sm_9600:-:::::::* cpe:2.3:h:sonicwall:sm_9450:-:::::::* cpe:2.3:h:sonicwall:tz_300w:-:::::::* cpe:2.3:h:sonicwall:soho:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:tz_400:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:tz_600p:-:::::::* cpe:2.3:h:sonicwall:sm9800:-:::::::* cpe:2.3:h:sonicwall:nsa_4650:-:::::::* cpe:2.3:h:sonicwall:nsa_3650:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:o:sonicwall:sonicos:::::::: cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:tz_350:-:::::::* cpe:2.3:h:sonicwall:nsa_3600:-:::::::* cpe:2.3:h:sonicwall:nsa_5600:-:::::::* cpe:2.3:h:sonicwall:sm_9250:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:nssp_12800:-:::::::*
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 - Vendor Advisory
First Time		Sonicwall tz 600p Sonicwall tz 300p Sonicwall sm 9450 Sonicwall tz670 Sonicwall nsa 6650 Sonicwall nsa 4650 Sonicwall tz 300w Sonicwall nssp 12400 Sonicwall sm 9250 Sonicwall sonicos Sonicwall sm 9400 Sonicwall nssp 12800 Sonicwall tz 500w Sonicwall soho 250 Sonicwall tz 400w Sonicwall tz 400 Sonicwall sm 9600 Sonicwall tz370 Sonicwall sohow Sonicwall tz570 Sonicwall sm 9200 Sonicwall tz 300 Sonicwall tz 500 Sonicwall nsa 2650 Sonicwall tz 350w Sonicwall tz570w Sonicwall tz270w Sonicwall nsa 3700 Sonicwall tz370w Sonicwall nsa 6600 Sonicwall nsa 3600 Sonicwall Sonicwall nsa 3650 Sonicwall tz570p Sonicwall nsa 4700 Sonicwall tz470 Sonicwall nssp 11700 Sonicwall tz 600 Sonicwall nssp 10700 Sonicwall nssp 13700 Sonicwall nsa 5700 Sonicwall sm 9650 Sonicwall nsa 2700 Sonicwall nsa 5600 Sonicwall nsa 6700 Sonicwall tz 350 Sonicwall soho Sonicwall nsa 4600 Sonicwall nsa 5650 Sonicwall sm9800 Sonicwall soho 250w Sonicwall tz470w Sonicwall tz270

06 Sep 2024, 17:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.3

23 Aug 2024, 16:18

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administración de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones específicas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, así como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.

23 Aug 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-23 07:15

Updated : 2024-09-16 19:48

NVD link : CVE-2024-40766

Mitre link : CVE-2024-40766

CVE.ORG link : CVE-2024-40766

JSON object : View

Products Affected

sonicwall

sm_9600
tz_500
nsa_4700
tz370
soho_250
tz_600
soho
nssp_11700
nsa_5700
nsa_6600
nsa_4650
tz270
tz370w
nsa_3700
nssp_10700
tz_500w
nssp_12800
nssp_13700
tz_350
nssp_12400
sm_9650
nsa_2650
nsa_5600
tz_400
sm_9450
sm_9200
tz_300w
sm_9250
sohow
sm_9400
soho_250w
nsa_5650
tz_350w
nsa_3600
tz270w
tz470w
tz_400w
tz570
tz570w
tz570p
nsa_6650
sonicos
tz_300p
nsa_2700
nsa_6700
tz_300
nsa_4600
tz_600p
tz670
tz470
nsa_3650
sm9800

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2024-40766

9.8^/10

Attach tags to `CVE-2024-40766`