Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 30, 2024

CVE-2024-40766

High
EPSS 3.4% | CISA KEV | Ransomware
SonicWall/SonicOS

Description

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

EPSS — Exploit Probability

3.4%

Higher than 87.3% of all CVEs

Required Action

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2
https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Risk Assessment

HIGH
In CISA KEV
Ransomware

Details

Severity: High
EPSS: 3.4%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published: Sep 9, 2024
Added to KEV: Sep 9, 2024
Remediation Due: Sep 30, 2024

Affected Product

SonicWall

SonicOS
