{"id":167595,"date":"2024-08-26T17:20:59","date_gmt":"2024-08-26T17:20:59","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=167595"},"modified":"2024-08-26T17:21:31","modified_gmt":"2024-08-26T17:21:31","slug":"sonicwall-sonicos-cve-2024-40766","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/167595\/security\/sonicwall-sonicos-cve-2024-40766.html","title":{"rendered":"SonicWall addressed an improper access control issue in its firewalls"},"content":{"rendered":"
<\/div>\n

SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices.<\/h2>\n\n\n\n

SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766\u00a0(CVSS score: 9.3), in its firewalls.<\/p>\n\n\n\n

The vulnerability is an improper access control issue that resides in the SonicWall SonicOS management access.<\/gwmw><\/p>\n\n\n\n

“An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.” reads the advisory<\/strong><\/a> published by the vendor. “This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”<\/em><\/gwmw><\/p>\n\n\n\n

Below are the impacted versions: <\/p>\n\n\n\n

Impacted Platforms<\/strong><\/td>Impacted Versions<\/strong><\/td><\/tr>

SOHO (Gen 5)<\/td>

5.9.2.14-12o and older versions<\/td><\/tr>
Gen6 Firewalls -SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250,SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W<\/td>
6.5.4.14-109n and older versions<\/td><\/tr>
Gen7 Firewalls – TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W,TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700<\/td>SonicOS build version 7.0.1-5035 and older versions. 
* However SonicWall recommends youinstall the latest firmware.<\/td><\/tr><\/tbody><\/table>
<\/gwmw><\/figcaption><\/figure>\n\n\n\n

The following versions addressed the vulnerability:<\/gwmw><\/p>\n\n\n\n