VIR Vulnerability Intelligence Relay

CVE-2024-40766

unknown KEV
Published 2024-09-09 · Modified 2024-09-09
CVSS v3
CVSS v2
VIR risk
1.5

Description

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

CISA KEV

Vendor
SonicWall
Product
SonicOS
Due date
2024-09-30

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.