- 327/2024
- High
SonicWall has released security updates to fix multiple vulnerabilities across SonicWall SMA100 SSL-VPN versions 10.2.1.13-72sv and earlier.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform stack-based and heap-based buffer overflow, or execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1- SonicWall SMA100 SSLVPN Web Management Stack-Based Buffer Overflow Vulnerability (CVE-2024-45318):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2- SonicWall SMA100 SSLVPN Web Management Certificate-Based Authentication Bypass Vulnerability (CVE-2024-45319):
- CVSS: 6.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2024-40763
- CVE-2024-45318
- CVE-2024-45319
- CVE-2024-53702
- CVE-2024-53703
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.