SonicOS: improper access control (CVE-2024-40766) #shorts #breaking

CVE

This recent security vulnerability, identified as improper access control, affects the management access of SonicWall SonicOS devices. Specifically, it impacts SonicWall Firewall devices from Generation 5, Generation 6, and Generation 7, including those running SonicOS version 7.0.1-5035 and earlier. The vulnerability could allow unauthorized users to gain access to restricted resources and potentially cause the firewall to crash. As the exploitability of this vulnerability was discovered less than a month ago and remains a zero-day issue, it poses a significant risk to systems that have not been addressed. Organizations using these affected devices should have a heightened awareness of this security flaw.

Watch the full video on YouTube: CVE-2024-40766

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

CVE database technical details

CVE ID

CVE-2024-40766

Description

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Provider

sonicwall

CWE / problem types

CWE-284 Improper Access Control

Affected Software Versions

SonicWall:SonicOS:[{'status': 'affected', 'version': '5.9.2.14-12o and older versions'}, {'status': 'affected', 'version': '6.5.4.14-109n and older versions'}, {'status': 'affected', 'version': '7.0.1-5035 and older versions'}]

Date Published

2024-08-23T06:19:07.229Z

Last Updated

2024-09-09T16:20:22.681Z