9.8критическая
CVE-2024-40766
Описание
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Затрагиваемое ПО
Sonicwall SonicosSonicwall SohoSonicwall Nssp 12400Sonicwall Nssp 12800Sonicwall Sm9800Sonicwall Nsa 2650Sonicwall Nsa 3600Sonicwall Nsa 3650Sonicwall Nsa 4600Sonicwall Nsa 4650Sonicwall Nsa 5600Sonicwall Nsa 5650Sonicwall Nsa 6600Sonicwall Nsa 6650Sonicwall Sm 9200Sonicwall Sm 9250Sonicwall Sm 9400Sonicwall Sm 9450Sonicwall Sm 9600Sonicwall Sm 9650Sonicwall Soho 250Sonicwall Soho 250wSonicwall SohowSonicwall Tz 300Sonicwall Tz 300p
CVSS
| Балл | 9.8 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766