- 238/2024
- Critical
SonicWall has released a security update to fix a critical vulnerability across SonicWall SonicOS management access.
The addressed vulnerability could allow the remote attacker to gain unauthorized access or in specific conditions cause the firewall to crash.
SonicWall SonicOS Code Execution Vulnerability (CVE-2024-40766):
- CVSS: 9.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Affected products:
- SOHO (Gen 5).
- Gen6 Firewalls -SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W.
- Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700.
Vulnerabilities
CVE-2024-40766
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.