- 129/2024
- High
SonicWall has released a security update to fix two vulnerabilities affecting SonicWall GMS (Virtual Appliance, Windows) – 9.3.4 and earlier versions.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, or obtain sensitive information from the affected product.
The addressed vulnerabilities:
1. GMS ECM Hard-Coded Credential Authentication Bypass Vulnerability (CVE- 2024-29011):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. GMS ECM Policy XML External Entity Processing Information Disclosure Vulnerability (CVE-2024-29010):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2024-29010
- CVE-2024-29011
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.