CVEPublished 2024-08-231 article on news7 live referencesNVD data

CVE-2024-40766

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.Used in ransomware
CISA action: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
CVSS v3.1
9.8
CRITICAL
EPSS percentile
96
Exploit Prediction Scoring System · top 4% of all CVEs
Description

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Timeline
Published 2024-08-23

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (5)