CISA KEV Information
| Vulnerability name | SonicWall SonicOS Improper Access Control Vulnerability |
|---|---|
| Description | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. |
| Required action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Known ransomware campaign use | Known |
| CWE | CWE-284 |
| Date added (KEV) | 2024-09-09 |
| Due date | 2024-09-30 |
| Additional notes | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2; https://nvd.nist.gov/vuln/detail/CVE-2024-40766 |
NVD Details
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description: An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CWE: CWE-284
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.