CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Published: Aug 23, 2024
Updated: May 4, 2025
CVE: CVE-2024-40766
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
sonicwall / sonicos	-	5.9.2.14-13o
sonicwall / sonicos	-	6.5.2.8-2n
sonicwall / sonicos	-	6.5.4.15.116n
sonicwall / sonicos	-	7.0.1-5035.x

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Vulnerability Database

289,697

CVE-2024-40766