CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-40766

CVSS 9.8v3.1pub. 2024-08-23upd. 2025-10-31

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Nsa 2650

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 2700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 3600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 3650

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 3700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 4600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 4650

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 4700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 5600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 5650

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 5700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 6600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 6650

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 6700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 10700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 11700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 12400

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 12800

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 13700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm 9200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm 9250

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm 9400

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm 9450

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm 9600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm 9650

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sm9800

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Soho

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Soho 250

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Soho 250w

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sohow

    HW
    Sonicwall
    wszystkie wersje

CISA KEV — detailsi

Vendori
SonicWall
Producti
SonicOS
Added to KEVi
September 9, 2024
Remediation deadline (US Federal)i
September 30, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 30 września 2024
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2024-53704CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SonicWall SonicOS SSLVPN — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2020-5135CRITICAL9.8⚠ KEVten sam produkt

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and poten...

CVE-2025-40600CRITICAL9.8PL ✓ten sam produkt

SonicOS SSL VPN: format string umożliwia zakłócenie usługi bez uwierzytelnienia

CVE-2024-3596CRITICAL9.0PL ✓ten sam produkt

Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5

CVE-2024-22394CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w SonicWall SonicOS SSL-VPN (auth bypass)