- 285/2024
- High
SonicWall has released security updates to fix multiple vulnerabilities across several SonicWall products.
The addressed vulnerabilities could allow the attacker to gain unauthorized access, perform server-side request forgery attacks, gain elevated privilege, or perform denial of service attacks on the affected products.
Sample of the addressed vulnerabilities:
1- SonicWALL SMA1000 Connect Tunnel Windows Client Link Following Local Privilege Escalation Vulnerability (CVE-2024-45316):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Privilege Escalation
2- SonicWALL SMA1000 12.4.x Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-45317):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
The affected products:
- SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.271 and earlier versions.
- SMA1000 Appliance firmware 12.4.3-02676 and earlier versions.
Vulnerabilities
- CVE-2024-45315
- CVE-2024-45316
- CVE-2024-45317
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.