CVE-2024-40765
Published: 09 January 2025
Summary
CVE-2024-40765 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in SonicWall SonicOS. Its CVSS v3.1 base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked in the top 13.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-40765 is an integer-based buffer overflow (CWE-190) in the IPSec implementation of SonicOS, specifically in the code that processes IKEv2 payloads. It affects SonicWall SonicOS firewalls and was disclosed on January 9, 2025. Under specific conditions, a remote attacker can trigger the overflow by sending a specially crafted IKEv2 payload to the firewall.
A remote, unauthenticated attacker can exploit the flaw over the network with low attack complexity and no user interaction, as reflected in the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). Successful exploitation causes a denial of service (DoS) and can potentially lead to arbitrary code execution on the appliance, hence the high impact on confidentiality, integrity and availability. Note that the vector rates attack complexity as low even though the advisory qualifies exploitation with "in specific conditions"; treat 9.8 as the planning figure rather than waiting to learn what those conditions are. Because the flaw sits in IKEv2 processing, the exposed surface is any interface on which the firewall accepts IKE from untrusted networks (UDP/500, and UDP/4500 for NAT-T); appliances that do not expose an IPSec listener to the internet are correspondingly less reachable, but still need the fix.
Mitigation details, including the patched SonicOS versions, are in the SonicWall PSIRT advisory SNWLID-2024-0013: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38820
Vulnerability details
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
- CWE-190 (Integer Overflow or Wraparound)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 (Exploit Public-Facing Application)
Why these techniques?
A remote, unauthenticated buffer overflow in the public-facing SonicOS IPSec/IKEv2 service maps directly to T1190: the attacker sends the crafted payload to the exposed VPN listener to achieve RCE or DoS on the appliance.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the integer-based buffer overflow in SonicOS IKEv2 processing by applying the vendor patches recommended in the PSIRT advisory. This is the only control that removes the flaw.
- SI-10 (Information Input Validation): requires validation of incoming IKEv2 payloads, in particular their length fields, so that specially crafted inputs cannot produce an integer overflow that drives the buffer overflow.
- SI-16 (Memory Protection): memory protections such as address space layout randomization and stack canaries make turning the overflow into arbitrary code execution harder. On a vendor appliance these are the vendor's to ship, so they are defense in depth against the RCE outcome, not a substitute for patching, and they do not prevent the DoS outcome.
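The C program below is added here as a worked illustration of the CWE-190 pattern described in the analysis above and of the SI-10 input validation that closes it; it is a constructed parser for the RFC 7296 generic payload header, not SonicOS code, and none of it is taken from the actual vulnerability. It assumes a hypothetical fixed-size scratch buffer and constructed sample messages. It shows a vulnerable length derivation that wraps when a crafted payload declares a length smaller than its own 4-byte header, the hardened form that validates the length before deriving anything from it, and the related zero-length case that would stall a payload-chain walker (the DoS outcome) if progress were not guaranteed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 7296 generic payload header: Next Payload (1 byte), Critical bit plus
 * reserved (1 byte), Payload Length (2 bytes, big-endian, counting the header). */
#define IKE_PAYLOAD_HDR_LEN 4u
#define IKE_NEXT_NONE 0u          /* Next Payload = 0: end of the payload chain */
#define IKE_PAYLOAD_NONCE 40u     /* Ni/Nr payload type, used by the samples */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* VULNERABLE pattern (constructed illustration of CWE-190, not SonicOS code).
 * The 16-bit length is bounds-checked against the message, but the data length
 * derived from it is computed in unsigned arithmetic that wraps when
 * payload_len < 4. Returns the byte count the code would hand to memcpy; the
 * copy is omitted because with a wrapped length it is an out-of-bounds access. */
static long payload_data_len_vuln(const uint8_t *msg, size_t msg_len, size_t off)
{
    if (off + IKE_PAYLOAD_HDR_LEN > msg_len) return -1;
    uint16_t payload_len = be16(msg + off + 2);
    if (off + payload_len > msg_len) return -1;            /* passes for payload_len 0..3 */
    uint16_t data_len = (uint16_t)(payload_len - IKE_PAYLOAD_HDR_LEN); /* 0..3 -> 65532..65535 */
    /* real code would do: memcpy(scratch, msg + off + IKE_PAYLOAD_HDR_LEN, data_len); */
    return data_len;
}

/* HARDENED form (SI-10 style input validation): reject lengths that cannot be
 * valid before deriving anything from them, keep the bounds check free of
 * size_t wrap by subtracting instead of adding, and check the destination too. */
static long payload_data_len_safe(const uint8_t *msg, size_t msg_len, size_t off,
                                  uint8_t *out, size_t out_cap)
{
    if (off > msg_len || msg_len - off < IKE_PAYLOAD_HDR_LEN) return -1;
    uint16_t payload_len = be16(msg + off + 2);
    if (payload_len < IKE_PAYLOAD_HDR_LEN) return -1;      /* 0..3: header cannot fit, no wrap below */
    if (payload_len > msg_len - off) return -1;             /* payload must lie inside the message */
    size_t data_len = payload_len - IKE_PAYLOAD_HDR_LEN;
    if (data_len > out_cap) return -1;                      /* destination capacity, not just source */
    memcpy(out, msg + off + IKE_PAYLOAD_HDR_LEN, data_len);
    return (long)data_len;
}

/* Parse one payload into a hypothetical fixed-size scratch buffer. */
static long parse_into_scratch(const uint8_t *msg, size_t msg_len, size_t off)
{
    static uint8_t scratch[256];
    return payload_data_len_safe(msg, msg_len, off, scratch, sizeof scratch);
}

/* Walk the payload chain that follows the IKE header. Besides the overflow, a
 * declared length of 0 would make "off += payload_len" loop forever (DoS); the
 * minimum-length check in the safe parser guarantees forward progress.
 * Returns the number of payloads, or -1 if any payload is malformed. */
static int count_payloads_safe(const uint8_t *msg, size_t msg_len, uint8_t first_type)
{
    int n = 0;
    size_t off = 0;
    uint8_t next = first_type;            /* Next Payload field of the IKE header */
    while (next != IKE_NEXT_NONE) {
        long dl = parse_into_scratch(msg, msg_len, off);
        if (dl < 0) return -1;
        next = msg[off];                  /* in bounds: validated by the safe parser */
        off += IKE_PAYLOAD_HDR_LEN + (size_t)dl;
        n++;
    }
    return n;
}

/* Constructed sample payload regions (the bytes after the 28-byte IKE header). */
static const uint8_t good_msg[] = {       /* one Nonce payload carrying 8 bytes */
    0x00, 0x00, 0x00, 0x0c, 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 };
static const uint8_t chain_msg[] = {      /* Nonce (4 bytes) then Notify (2 bytes) */
    0x29, 0x00, 0x00, 0x08, 0xaa, 0xbb, 0xcc, 0xdd,
    0x00, 0x00, 0x00, 0x06, 0xee, 0xff };
static const uint8_t evil_msg[] = {       /* declared length 2, below the 4-byte header */
    0x00, 0x00, 0x00, 0x02, 0x41, 0x41, 0x41, 0x41 };
static const uint8_t zero_msg[] = {       /* declared length 0: wraps, and no forward progress */
    0x28, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41 };

int main(void)
{
    printf("evil:  vulnerable would copy %ld bytes, hardened returns %ld\n",
           payload_data_len_vuln(evil_msg, sizeof evil_msg, 0),
           parse_into_scratch(evil_msg, sizeof evil_msg, 0));
    printf("zero:  vulnerable would copy %ld bytes, chain walk returns %d\n",
           payload_data_len_vuln(zero_msg, sizeof zero_msg, 0),
           count_payloads_safe(zero_msg, sizeof zero_msg, IKE_PAYLOAD_NONCE));
    printf("chain: %d payload(s)\n",
           count_payloads_safe(chain_msg, sizeof chain_msg, IKE_PAYLOAD_NONCE));
    return 0;
}
```

The point of the hardened version is the order of checks: the minimum-length test runs before any arithmetic on the attacker-supplied field, the source bound is expressed as a subtraction so it cannot itself wrap, and the copy is bounded by the destination's capacity rather than only by the source message. Fuzzing an IKEv2 responder with lengths 0 through 3 and with lengths larger than the enclosing message is a cheap regression test for this class of bug.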