SonicWall SonicOS Improper Access Control Vulnerability

Added Sept. 9, 2024 • Due Sept. 30, 2024 • CVE-2024-40766

Overdue SonicWall / SonicOS Known Ransomware Use CWE-284

Description

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months, 3 weeks ago