CVE-2024-40766

CRITICAL 9.3

⚠️ CISA KEV

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

CWE	CWE-284
Vendor	sonicwall
Product	sonicos
Published	Aug 23, 2024
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for sonicwall sonicos

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-40766.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SonicWall / SonicOS

5.9.2.14-12o and older versions 6.5.4.14-109n and older versions 7.0.1-5035 and older versions

References

NVD ↗ CVE.org ↗ EPSS Data ↗

psirt.global.sonicwall.com: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766