About the Vulnerability

Introduction

SonicWALL SonicOS is the operating system for the SonicWALL firewall, a network security device. It offers comprehensive network security features designed for enterprise networks, helping them resist complex cyber attacks while maintaining network performance. SonicOS handles security, firewall management, and VPN connections, and is the core component of the SonicWALL firewall series of devices.

Summary

On September 11, 2024, Sangfor FarSight Labs received notification of an Access Control Flaw Vulnerability (CVE-2024-40766) in a SonicWALL SonicOS component, classified as high in threat level.

SonicWALL SonicOS is an operating system designed specifically for SonicWALL firewall devices by the American company SonicWALL. There is an access control vulnerability in SonicWALL SonicOS, which stems from allowing unauthorized resource access and can cause the firewall to crash under certain conditions.

Affected Versions

SOHO (Gen 5) ≤ 5.9.2.14-12o

Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 ≤ 6.5.4.14-109n

Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 ≤ 7.0.1-5035
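
An added example (not from SonicWALL or the original alert) for triaging a firmware inventory against the version ceilings listed above. It assumes versions are ordered by their dotted numeric fields and then by the build number after the hyphen, with the trailing letter ignored; the hostnames and sample versions are constructed.

```python
import re

# Highest affected build per firmware branch, copied from the list above.
# Keyed by major version: a ceiling only applies inside its own branch.
AFFECTED_CEILINGS = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}

# e.g. "6.5.4.14-109n" -> release "6.5.4.14", build "109", suffix "n"
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([a-z]?)$")

def parse_version(text):
    """Return ((release parts...), build) for a SonicOS version string."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Assumption: the trailing letter does not affect ordering, so drop it.
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def is_affected(text):
    """True if the version is at or below the ceiling for its branch."""
    release, build = parse_version(text)
    ceiling = AFFECTED_CEILINGS.get(release[0])
    if ceiling is None:
        return False  # branch is not listed in the advisory
    return (release, build) <= parse_version(ceiling)

def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[host] = "unparsed"  # needs a manual look, not a pass
    return result

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "7.0.1-5035",
    "fw-branch-02": "7.0.1-5036",
    "fw-hq-01": "6.5.4.14-109n",
    "fw-lab-01": "6.5.4.15-1n",
    "fw-soho-01": "5.9.2.13-7o",
    "fw-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14}{SAMPLE_INVENTORY[host]:16}{status}")
```

Hosts reported as "unparsed" should be checked by hand rather than treated as unaffected.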

Solutions

Remediation Solutions

Official Solution

Temporary Remediation Solution:

It is recommended to restrict firewall and SSL VPN management to trusted sources, or disable Internet access for firewall and SSL VPN WAN management.

Reference link for Firewall operation:

https://www.sonicwall.com/support/knowledge-base/how-can-i-restrict-admin-access-to-the-device/170503259079248

Reference link for SSL VPN operation:

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-ssl-vpn/17050560928513

Affected users are recommended to contact the vendor's official support and obtain the latest patch.

Download link: https://www.sonicwall.com/support/contact-support

Timeline

On September 11, 2024, Sangfor FarSight Labs received notification of the SonicWALL SonicOS Access Control Flaw vulnerability.

On September 11, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://cxsecurity.com/cveshow/CVE-2024-40766/

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
