Cyber Resilience

CVE-2024-40765

Critical

Published: 09 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0293 (86.7th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-40765 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in SonicWall (vendor inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-40765 is an integer-based buffer overflow vulnerability (CWE-190) in SonicOS via IPSec. It affects SonicWall SonicOS firewalls, particularly the component handling IKEv2 payloads, as disclosed on January 9, 2025. The flaw enables a remote attacker under specific conditions to trigger the overflow by sending a specially crafted IKEv2 payload.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation can cause a denial of service (DoS) or potentially lead to arbitrary code execution, with high impact on confidentiality, integrity, and availability.

The SonicWall PSIRT advisory provides details on mitigation, available at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013.

Vulnerability details

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated buffer overflow in public-facing SonicOS IPSec/IKEv2 service directly enables T1190 for RCE or DoS on the appliance.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-30404 (shared CWE-190)
CVE-2025-53518 (shared CWE-190)
CVE-2024-55656 (shared CWE-190)
CVE-2026-44673 (shared CWE-190)
CVE-2024-11347 (shared CWE-190)
CVE-2026-31649 (shared CWE-190)
CVE-2025-14308 (shared CWE-190)
CVE-2026-41416 (shared CWE-190)
CVE-2026-24830 (shared CWE-190)
CVE-2026-5121 (shared CWE-190)

Affected Assets

SonicWall
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the integer-based buffer overflow vulnerability in SonicOS IKEv2 processing by applying vendor patches as recommended in the PSIRT advisory.

prevent

Requires validation of incoming IKEv2 payloads to prevent integer overflows from specially crafted inputs that trigger the buffer overflow.

prevent

Implements memory protections such as address space layout randomization and stack canaries to mitigate arbitrary code execution from the buffer overflow.
