SonicOS: improper access control (CVE-2024-40766) #shorts #breaking

CVE

This vulnerability, classified as improper access control (CWE-284), affects the management access interface of SonicWall SonicOS. It impacts SonicWall firewalls of Generation 5, Generation 6 and Generation 7; the affected firmware is SonicOS 5.9.2.14-12o and older (Gen 5), 6.5.4.14-109n and older (Gen 6) and 7.0.1-5035 and older (Gen 7). Exploitation could allow an unauthorized user to reach restricted resources and, under specific conditions, cause the firewall to crash. The CVE was published on 23 August 2024, and SonicWall has released fixed firmware in its advisory. Because the flaw sits on the management plane of an edge device, firewalls that have not been updated, and in particular those whose management interface is reachable from the WAN, remain at significant risk. Organizations operating these devices should treat the issue as a priority.

Watch the full video on YouTube: CVE-2024-40766

Remediation and exploitation details

This chain involves the following actors
An unauthorized user with network reachability to the SonicOS management access interface, and the firewall administrator who must apply the fix and lock down management access.

The following systems are involved
SonicWall firewalls of Gen 5, Gen 6 and Gen 7 running SonicOS 5.9.2.14-12o and older, 6.5.4.14-109n and older, or 7.0.1-5035 and older.

Attack entry point
The SonicOS management access interface (the firewall's administrative management plane), rather than the data-plane traffic the firewall filters. Exposure is highest where management is reachable from untrusted networks such as the WAN.

Remediation actions
Update to the fixed firmware published in SonicWall's advisory, so that the running version is newer than the affected bound for its generation. Until the update is applied, restrict firewall management access to trusted source addresses and disable management access on WAN-facing interfaces. After updating, verify the running version on every device rather than assuming the rollout completed.

Exploitation actions
As described in the CVE record: an unauthorized user sends requests to the management access interface, obtains access to restricted resources and, under specific conditions, triggers a firewall crash. The record does not disclose the exact requests or conditions.

CVE database technical details

CVE ID
CVE-2024-40766
Description
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Provider
sonicwall
CWE / problem types
CWE-284 Improper Access Control
Affected Software Versions
SonicWall SonicOS, affected:
- 5.9.2.14-12o and older versions (Gen 5)
- 6.5.4.14-109n and older versions (Gen 6)
- 7.0.1-5035 and older versions (Gen 7)
Date Published
2024-08-23T06:19:07.229Z
Last Updated
2024-09-09T16:20:22.681Z
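The affected-version list above is easy to misread because SonicOS version strings carry a dotted release, a build number and sometimes a letter suffix (for example 6.5.4.14-109n). The following script, added here as an illustration and not code from SonicWall or from this page, parses those strings and checks a firmware inventory against the three bounds in the CVE record. The inventory, the hostnames and the comparison order of the letter suffix are assumptions for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Upper bounds of the affected ranges, taken from the CVE-2024-40766
# record above. A device at or below the bound for its major version
# train is affected; a device above it is not covered by the CVE.
AFFECTED_MAX: Dict[int, str] = {
    5: "5.9.2.14-12o",   # Gen 5
    6: "6.5.4.14-109n",  # Gen 6
    7: "7.0.1-5035",     # Gen 7
}

# dotted release, '-', numeric build, optional single letter suffix
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([a-z]?)$")


def parse_version(s: str) -> Tuple[Tuple[int, ...], int, str]:
    """Split a SonicOS version such as '6.5.4.14-109n' into
    (dotted numeric tuple, build number, letter suffix)."""
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {s!r}")
    dotted = tuple(int(x) for x in m.group(1).split("."))
    return dotted, int(m.group(2)), m.group(3)


def version_key(s: str) -> Tuple[Tuple[int, ...], int, str]:
    """Comparable key. The dotted part is padded to four components so
    7.0.1 sorts like 7.0.1.0. Assumption: a later letter suffix means a
    later build, so the suffix is compared as a plain string."""
    dotted, build, suffix = parse_version(s)
    dotted = dotted + (0,) * (4 - len(dotted))
    return dotted, build, suffix


def is_affected(version: str) -> Optional[bool]:
    """True if the version is within an affected range, False if it is
    newer than the bound for its train, None if the major version is not
    one of the Gen 5/6/7 trains listed in the record."""
    key = version_key(version)
    bound = AFFECTED_MAX.get(key[0][0])
    if bound is None:
        return None
    return key <= version_key(bound)


def affected_devices(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted hostnames whose firmware is in an affected range."""
    return sorted(h for h, v in inventory.items() if is_affected(v) is True)


# Constructed sample inventory (hostnames and versions are made up for
# the example; the bounds they are compared against come from the page).
SAMPLE_INVENTORY: Dict[str, str] = {
    "fw-hq-01": "7.0.1-5072",        # newer build than the Gen 7 bound
    "fw-branch-01": "7.0.1-5035",    # exactly at the Gen 7 bound: affected
    "fw-dc-legacy": "6.5.4.14-109n", # exactly at the Gen 6 bound: affected
    "fw-lab-gen5": "5.9.2.14-13o",   # newer build than the Gen 5 bound
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host:14} {ver:16} affected={is_affected(ver)}")
    print("needs update:", affected_devices(SAMPLE_INVENTORY))
```

Feed the script your real inventory (for example the version column of a firewall management export) and treat every True as a device to update, then rerun it after the rollout to confirm the running versions are above their bounds. A None result means the major version is outside the trains the record covers and should be checked against the vendor advisory by hand.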