- 208/2024
- High
SonicWall has released security updates to fix several vulnerabilities affecting multiple SonicWall products.
The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. SonicOS IPSec VPN Heap-Based Buffer Overflow Vulnerability (CVE-2024-40764):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. SonicWall NetExtender Windows Client Remote Code Execution Vulnerability (CVE-2024-29014):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Access
Affected products:
- SonicOS SSL-VPN.
- SonicOS HTTP Server.
- SonicOS IPSec VPN.
- SonicWall NetExtender Windows Client.
Vulnerabilities
- CVE-2024-29014
- CVE-2024-40764
- CVE-2024-6387
- CVE-2024-29012
- CVE-2024-29013
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.