CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nssp_12400:-:::::::*
	cpe:2.3:h:sonicwall:nssp_12800:-:::::::*
	cpe:2.3:h:sonicwall:sm9800:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_350w:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

History

16 Sep 2024, 19:48

Type	Values Removed	Values Added
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Sonicwall nssp 12800 Sonicwall nsa 2650 Sonicwall soho 250 Sonicwall tz 600 Sonicwall sohow Sonicwall nsa 3600 Sonicwall tz 350 Sonicwall tz270w Sonicwall soho 250w Sonicwall tz370w Sonicwall tz470w Sonicwall tz670 Sonicwall nsa 6650 Sonicwall nsa 3700 Sonicwall tz 400 Sonicwall tz 350w Sonicwall sm 9400 Sonicwall tz 600p Sonicwall tz 400w Sonicwall nsa 4600 Sonicwall nsa 2700 Sonicwall sm 9450 Sonicwall tz 300p Sonicwall nsa 4650 Sonicwall nssp 12400 Sonicwall Sonicwall tz570p Sonicwall tz 500 Sonicwall sm 9200 Sonicwall nssp 13700 Sonicwall nsa 5700 Sonicwall sm 9250 Sonicwall nsa 5650 Sonicwall tz370 Sonicwall tz570w Sonicwall tz570 Sonicwall soho Sonicwall sm9800 Sonicwall tz 300 Sonicwall tz470 Sonicwall sonicos Sonicwall nsa 3650 Sonicwall nssp 10700 Sonicwall tz 500w Sonicwall sm 9650 Sonicwall nssp 11700 Sonicwall nsa 6600 Sonicwall nsa 6700 Sonicwall tz270 Sonicwall nsa 4700 Sonicwall nsa 5600 Sonicwall sm 9600 Sonicwall tz 300w
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:h:sonicwall:tz_350:-:::::::* cpe:2.3:h:sonicwall:tz_500:-:::::::* cpe:2.3:h:sonicwall:soho_250w:-:::::::* cpe:2.3:h:sonicwall:tz_600:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:sm_9200:-:::::::* cpe:2.3:h:sonicwall:nsa_6600:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:sm_9250:-:::::::* cpe:2.3:h:sonicwall:nsa_3650:-:::::::* cpe:2.3:h:sonicwall:tz_600p:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:tz_300:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:soho:-:::::::* cpe:2.3:h:sonicwall:tz_400:-:::::::* cpe:2.3:h:sonicwall:nsa_5650:-:::::::* cpe:2.3:h:sonicwall:sm_9650:-:::::::* cpe:2.3:h:sonicwall:sm_9450:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:sm_9600:-:::::::* cpe:2.3:h:sonicwall:nsa_3600:-:::::::* cpe:2.3:h:sonicwall:nsa_2650:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:nsa_6650:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:tz_300p:-:::::::* cpe:2.3:h:sonicwall:nsa_5600:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:sm9800:-:::::::* cpe:2.3:h:sonicwall:tz_400w:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:nssp_12800:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nssp_12400:-:::::::* cpe:2.3:h:sonicwall:soho_250:-:::::::* cpe:2.3:o:sonicwall:sonicos:::::::: cpe:2.3:h:sonicwall:nsa_4600:-:::::::* cpe:2.3:h:sonicwall:sm_9400:-:::::::* cpe:2.3:h:sonicwall:nsa_4650:-:::::::* cpe:2.3:h:sonicwall:tz_350w:-:::::::* cpe:2.3:h:sonicwall:sohow:-:::::::* cpe:2.3:h:sonicwall:tz_300w:-:::::::* cpe:2.3:h:sonicwall:tz_500w:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::*

23 Aug 2024, 16:18

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administración de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones específicas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, así como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.

23 Aug 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-23 07:15

Updated : 2024-09-16 19:48

NVD link : CVE-2024-40766

Mitre link : CVE-2024-40766

CVE.ORG link : CVE-2024-40766

JSON object : View

Products Affected

sonicwall

soho_250
tz_300
nsa_6700
sm9800
nsa_6650
nsa_3700
nssp_11700
tz_600p
nsa_4700
nsa_5650
tz_400
tz370w
tz470
tz_500w
nsa_4600
nssp_12800
soho_250w
sm_9200
tz570
nssp_12400
tz_600
nssp_13700
nssp_10700
sm_9600
nsa_3650
tz270w
tz570p
sm_9450
sm_9650
nsa_5600
tz_300p
tz270
sm_9250
nsa_3600
tz_350
tz_400w
sm_9400
tz_300w
nsa_2650
tz470w
sonicos
nsa_6600
sohow
nsa_5700
tz570w
nsa_2700
soho
nsa_4650
tz670
tz370
tz_500
tz_350w

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2024-40766

9.8^/10

Attach tags to `CVE-2024-40766`