Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 52 products from sonicwall, from sonicwall, from sonicwall and 49 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-08-23T07:15:03.643

Last Modified

2025-10-31T15:56:26.010

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sonicwall	sonicos	< 5.9.2.14-13o	Yes
Hardware	sonicwall	soho	-	No
Operating System	sonicwall	sonicos	< 6.5.2.8-2n	Yes
Hardware	sonicwall	nssp_12400	-	No
Hardware	sonicwall	nssp_12800	-	No
Hardware	sonicwall	sm9800	-	No
Operating System	sonicwall	sonicos	< 6.5.4.15.116n	Yes
Hardware	sonicwall	nsa_2650	-	No
Hardware	sonicwall	nsa_3600	-	No
Hardware	sonicwall	nsa_3650	-	No
Hardware	sonicwall	nsa_4600	-	No
Hardware	sonicwall	nsa_4650	-	No
Hardware	sonicwall	nsa_5600	-	No
Hardware	sonicwall	nsa_5650	-	No
Hardware	sonicwall	nsa_6600	-	No
Hardware	sonicwall	nsa_6650	-	No
Hardware	sonicwall	sm_9200	-	No
Hardware	sonicwall	sm_9250	-	No
Hardware	sonicwall	sm_9400	-	No
Hardware	sonicwall	sm_9450	-	No
Hardware	sonicwall	sm_9600	-	No
Hardware	sonicwall	sm_9650	-	No
Hardware	sonicwall	soho_250	-	No
Hardware	sonicwall	soho_250w	-	No
Hardware	sonicwall	sohow	-	No
Hardware	sonicwall	tz_300	-	No
Hardware	sonicwall	tz_300p	-	No
Hardware	sonicwall	tz_300w	-	No
Hardware	sonicwall	tz_350	-	No
Hardware	sonicwall	tz_350w	-	No
Hardware	sonicwall	tz_400	-	No
Hardware	sonicwall	tz_400w	-	No
Hardware	sonicwall	tz_500	-	No
Hardware	sonicwall	tz_500w	-	No
Hardware	sonicwall	tz_600	-	No
Hardware	sonicwall	tz_600p	-	No
Operating System	sonicwall	sonicos	≤ 7.0.1-5035	Yes
Hardware	sonicwall	nsa_2700	-	No
Hardware	sonicwall	nsa_3700	-	No
Hardware	sonicwall	nsa_4700	-	No
Hardware	sonicwall	nsa_5700	-	No
Hardware	sonicwall	nsa_6700	-	No
Hardware	sonicwall	nssp_10700	-	No
Hardware	sonicwall	nssp_11700	-	No
Hardware	sonicwall	nssp_13700	-	No
Hardware	sonicwall	tz270	-	No
Hardware	sonicwall	tz270w	-	No
Hardware	sonicwall	tz370	-	No
Hardware	sonicwall	tz370w	-	No
Hardware	sonicwall	tz470	-	No
Hardware	sonicwall	tz470w	-	No
Hardware	sonicwall	tz570	-	No
Hardware	sonicwall	tz570p	-	No
Hardware	sonicwall	tz570w	-	No
Hardware	sonicwall	tz670	-	No

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 Vendor Advisory ([email protected])
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For sonicwall's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.