{ "id": "CVE-2024-40766", "sourceIdentifier": "PSIRT@sonicwall.com", "published": "2024-08-23T07:15:03.643", "lastModified": "2024-09-16T19:48:30.827", "vulnStatus": "Analyzed", "cveTags": [], "cisaExploitAdd": "2024-09-09", "cisaActionDue": "2024-09-30", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "SonicWall SonicOS Improper Access Control Vulnerability", "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administraci\u00f3n de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones espec\u00edficas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, as\u00ed como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 4.7 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] }, { "source": "PSIRT@sonicwall.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-284" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.9.2.14-13o", "matchCriteriaId": "37E20C47-F8DA-4313-B9AD-C63CEA9D42C5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.5.2.8-2n", "matchCriteriaId": "0B16D102-B2BA-4F94-A42F-B8EB2E697907" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2F22AB1-044C-45F1-BD33-82BB46402363" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*", "matchCriteriaId": "E62EAD79-2CD4-4479-B26A-A0C97B5B241A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCBF16D6-4C60-440D-95AB-986ABC4F9100" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.5.4.15.116n", "matchCriteriaId": "CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF991212-3F2C-4F54-B96C-C33F500DB77B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.0.1-5035", "matchCriteriaId": "34814AB8-5F1D-44B4-B53B-FC4FA794DDAA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF" } ] } ] } ], "references": [ { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015", "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ] } ] }