CVE-2024-40766 - OpenCVE

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Sept. 9, 2024.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Sonicwall	Nsa 2650 Nsa 2700 Nsa 3600 Nsa 3650 Nsa 3700 Nsa 4600 Nsa 4650 Nsa 4700 Nsa 5600 Nsa 5650 Nsa 5700 Nsa 6600 Nsa 6650 Nsa 6700 Nssp 10700 Nssp 11700 Nssp 12400 Nssp 12800 Nssp 13700 Sm9800 Sm 9200 Sm 9250 Sm 9400 Sm 9450 Sm 9600 Sm 9650 Soho Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz370 Tz370w Tz470 Tz470w Tz570 Tz570p Tz570w Tz670 Tz 300 Tz 300p Tz 300w Tz 350 Tz 350w Tz 400 Tz 400w Tz 500 Tz 500w Tz 600 Tz 600p

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nssp_12400:-:::::::*
	cpe:2.3:h:sonicwall:nssp_12800:-:::::::*
	cpe:2.3:h:sonicwall:sm9800:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_350w:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

History

Wed, 11 Sep 2024 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall nsa 3600 Sonicwall nsa 3650 Sonicwall nsa 3700 Sonicwall nsa 4600 Sonicwall nsa 4650 Sonicwall nsa 4700 Sonicwall nsa 5600 Sonicwall nsa 5650 Sonicwall nsa 5700 Sonicwall nsa 6600 Sonicwall nsa 6650 Sonicwall nsa 6700 Sonicwall nssp 10700 Sonicwall nssp 11700 Sonicwall nssp 12400 Sonicwall nssp 12800 Sonicwall nssp 13700 Sonicwall sm9800 Sonicwall sm 9200 Sonicwall sm 9250 Sonicwall sm 9400 Sonicwall sm 9450 Sonicwall sm 9600 Sonicwall sm 9650 Sonicwall soho Sonicwall soho 250 Sonicwall soho 250w Sonicwall sohow Sonicwall tz270 Sonicwall tz270w Sonicwall tz370 Sonicwall tz370w Sonicwall tz470 Sonicwall tz470w Sonicwall tz570 Sonicwall tz570p Sonicwall tz570w Sonicwall tz670 Sonicwall tz 300 Sonicwall tz 300p Sonicwall tz 300w Sonicwall tz 350 Sonicwall tz 350w Sonicwall tz 400 Sonicwall tz 400w Sonicwall tz 500 Sonicwall tz 500w Sonicwall tz 600 Sonicwall tz 600p
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:sonicwall:nsa_2650:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:nsa_3600:-:::::::* cpe:2.3:h:sonicwall:nsa_3650:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nsa_4600:-:::::::* cpe:2.3:h:sonicwall:nsa_4650:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:nsa_5600:-:::::::* cpe:2.3:h:sonicwall:nsa_5650:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:nsa_6600:-:::::::* cpe:2.3:h:sonicwall:nsa_6650:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:nssp_12400:-:::::::* cpe:2.3:h:sonicwall:nssp_12800:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:sm9800:-:::::::* cpe:2.3:h:sonicwall:sm_9200:-:::::::* cpe:2.3:h:sonicwall:sm_9250:-:::::::* cpe:2.3:h:sonicwall:sm_9400:-:::::::* cpe:2.3:h:sonicwall:sm_9450:-:::::::* cpe:2.3:h:sonicwall:sm_9600:-:::::::* cpe:2.3:h:sonicwall:sm_9650:-:::::::* cpe:2.3:h:sonicwall:soho:-:::::::* cpe:2.3:h:sonicwall:soho_250:-:::::::* cpe:2.3:h:sonicwall:soho_250w:-:::::::* cpe:2.3:h:sonicwall:sohow:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:tz_300:-:::::::* cpe:2.3:h:sonicwall:tz_300p:-:::::::* cpe:2.3:h:sonicwall:tz_300w:-:::::::* cpe:2.3:h:sonicwall:tz_350:-:::::::* cpe:2.3:h:sonicwall:tz_350w:-:::::::* cpe:2.3:h:sonicwall:tz_400:-:::::::* cpe:2.3:h:sonicwall:tz_400w:-:::::::* cpe:2.3:h:sonicwall:tz_500:-:::::::* cpe:2.3:h:sonicwall:tz_500w:-:::::::* cpe:2.3:h:sonicwall:tz_600:-:::::::* cpe:2.3:h:sonicwall:tz_600p:-:::::::*
Vendors & Products		Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall nsa 3600 Sonicwall nsa 3650 Sonicwall nsa 3700 Sonicwall nsa 4600 Sonicwall nsa 4650 Sonicwall nsa 4700 Sonicwall nsa 5600 Sonicwall nsa 5650 Sonicwall nsa 5700 Sonicwall nsa 6600 Sonicwall nsa 6650 Sonicwall nsa 6700 Sonicwall nssp 10700 Sonicwall nssp 11700 Sonicwall nssp 12400 Sonicwall nssp 12800 Sonicwall nssp 13700 Sonicwall sm9800 Sonicwall sm 9200 Sonicwall sm 9250 Sonicwall sm 9400 Sonicwall sm 9450 Sonicwall sm 9600 Sonicwall sm 9650 Sonicwall soho Sonicwall soho 250 Sonicwall soho 250w Sonicwall sohow Sonicwall tz270 Sonicwall tz270w Sonicwall tz370 Sonicwall tz370w Sonicwall tz470 Sonicwall tz470w Sonicwall tz570 Sonicwall tz570p Sonicwall tz570w Sonicwall tz670 Sonicwall tz 300 Sonicwall tz 300p Sonicwall tz 300w Sonicwall tz 350 Sonicwall tz 350w Sonicwall tz 400 Sonicwall tz 400w Sonicwall tz 500 Sonicwall tz 500w Sonicwall tz 600 Sonicwall tz 600p

Mon, 09 Sep 2024 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-09-09'}`

Mon, 09 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sonicwall Sonicwall sonicos
CPEs		cpe:2.3:o:sonicwall:sonicos::::::::
Vendors & Products		Sonicwall Sonicwall sonicos
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 23 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 23 Aug 2024 06:30:00 +0000

Type	Values Removed	Values Added
Description		An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Weaknesses		CWE-284
References		https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2024-08-23T06:19:07.229Z

Updated: 2024-09-09T16:20:22.681Z

Reserved: 2024-07-10T15:58:49.462Z

Link: CVE-2024-40766

Vulnrichment

Updated: 2024-08-23T14:10:19.974Z

NVD

Status : Analyzed

Published: 2024-08-23T07:15:03.643

Modified: 2024-09-16T19:48:30.827

Link: CVE-2024-40766

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object