- 50/2024
- High
SonicWall has released security updates to fix several vulnerabilities across multiple SonicWall products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, execute arbitrary code, cause a buffer overflow, or gain access by sending a specially crafted request to the affected products.
Sample of the addressed vulnerabilities:
1. SonicWall SonicOS Security Bypass Vulnerability (CVE-2024-22394):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. SonicWall Capture Client and NetExtender Client Windows Client Buffer Overflow (CVE-2023-6340):
- CVSS: 8.2
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Access
Affected products:
- SonicOS 7.1.1-7040.
- SMA 100 Series 10.2.1.9-57sv and earlier versions.
- Capture Client 3.7.10 and earlier versions.
- NetExtender Windows Client 10.2.337 (Windows 32 and 64 bit) and earlier versions.
Vulnerabilities
- CVE-2024-22394
- CVE-2023-6340
- CVE-2023-44221
- CVE-2023-5970
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.