{"cve":{"cve_id":"CVE-2024-40766","is_kev":true,"kev_date_added":"2024-09-09","kev_vendor_project":"SonicWall","kev_product":"SonicOS","kev_vulnerability_name":"SonicWall SonicOS Improper Access Control Vulnerability","kev_short_description":"SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.","kev_required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","kev_due_date":"2024-09-30","kev_known_ransomware":true,"kev_notes":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40766","kev_cwes":["CWE-284"],"epss_score":0.15694,"epss_percentile":0.96429,"epss_as_of":"2026-06-23","description":"An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.","published_at":"2024-08-23T06:19:07.229000Z","last_modified_at":null,"cvss_v3_score":9.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":["CWE-284"],"nvd_references":["https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-29T02:03:42.664727Z"},"effective_severity":"CRITICAL","badges":["kev","ransomware"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sonicwall","vendor_name":"SonicWall","product_slug":"sonicos","product_name":"SonicOS","version_start":"5.9.2.14-12o and older versions","version_start_inclusive":true,"version_end":"5.9.2.14-12o and older versions","version_end_inclusive":true,"cpe23_uri":"cve5:sonicwall:sonicos:5.9.2.14-12o and older versions:5.9.2.14-12o and older versions"},{"vendor_slug":"sonicwall","vendor_name":"SonicWall","product_slug":"sonicos","product_name":"SonicOS","version_start":"6.5.4.14-109n and older versions","version_start_inclusive":true,"version_end":"6.5.4.14-109n and older versions","version_end_inclusive":true,"cpe23_uri":"cve5:sonicwall:sonicos:6.5.4.14-109n and older versions:6.5.4.14-109n and older versions"},{"vendor_slug":"sonicwall","vendor_name":"SonicWall","product_slug":"sonicos","product_name":"SonicOS","version_start":"7.0.1-5035 and older versions","version_start_inclusive":true,"version_end":"7.0.1-5035 and older versions","version_end_inclusive":true,"cpe23_uri":"cve5:sonicwall:sonicos:7.0.1-5035 and older versions:7.0.1-5035 and older versions"}],"exploit_refs":[],"news":[],"references":[{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-08-23T06:19:07.229000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2024-09-09T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"cvss_changed","at":"2026-06-28T17:37:00.921793Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:37:00.921793Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:37:00.921793Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:03:42.664727Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:03:42.664727Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:03:42.664727Z","label":"SSVC decision revised","source":"vulnrichment"}]}