Risk | High |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2024-38475 CVE-2024-40763 CVE-2024-45318 CVE-2024-45319 CVE-2024-53702 CVE-2024-53703 |
CWE-ID | CWE-20 CWE-122 CWE-121 CWE-798 CWE-338 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | SMA 100 (Hardware solutions / Security hardware appliances) |
Vendor | SonicWall |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU93542
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-38475
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in mod_rewrite when the first segment of the substitution matches a filesystem path. A remote attacker can map URLs to filesystem locations that are permitted to be served by the server but are not intentionally or directly reachable by any URL, and view the contents of files or execute arbitrary code.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU101255
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40763
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SSL-VPN interface. A remote attacker can send specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101256
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45318
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SSL-VPN web management interface. A remote non-authenticated attacker can send specially crafted data to the management interface, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101258
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45319
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote user to bypass certificate-based authentication.
The vulnerability exists due to the presence of hard-coded credentials in application code. A remote authenticated user can circumvent the certificate requirement during authentication.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101260
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53702
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
Description
The vulnerability allows a remote attacker to guess generated secrets.
The vulnerability exists due to the use of weak random generator values within the SSL-VPN backup code generator. A remote attacker can guess the generated secret.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101261
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53703
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SSL-VPN mod_httprp library loaded by the Apache web server. A remote unauthenticated attacker can send specially crafted requests to the SSL-VPN web interface, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
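All six entries in this bulletin list the same affected range, so an appliance inventory can be triaged with a single check. The following is an added example, not part of the bulletin or any SonicWall tooling: the version grammar (four dotted numbers, a build number and an "sv" suffix) and the numeric ordering are assumptions inferred from the two range endpoints above, and the host names and inventory are constructed.

```python
import re

# Range endpoints exactly as listed in the bulletin for all six CVEs.
AFFECTED_FIRST = "10.2.1.0-17sv"
AFFECTED_LAST = "10.2.1.13-72sv"

# Assumed grammar: a.b.c.d-<build>sv (inferred from the endpoints above).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_sma_version(text):
    """Return the version as a tuple of ints, or raise ValueError."""
    match = _VERSION_RE.match(text.strip().lower())
    if not match:
        raise ValueError(f"unrecognised SMA 100 firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if version lies inside the bulletin's range (inclusive).

    Comparison is numeric: as plain strings, "10.2.1.9-57sv" would sort
    after "10.2.1.13-72sv" and be wrongly reported as outside the range.
    """
    first = parse_sma_version(AFFECTED_FIRST)
    last = parse_sma_version(AFFECTED_LAST)
    return first <= parse_sma_version(version) <= last


def triage(inventory):
    """Map host -> 'affected', 'not in range' or 'unknown'.

    'not in range' only means outside this bulletin's range; it says
    nothing about other advisories. Unparseable strings are 'unknown'
    so they get a manual check rather than a silent pass.
    """
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not in range"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "vpn-edge-01": "10.2.1.13-72sv",
    "vpn-edge-02": "10.2.1.9-57sv",
    "vpn-edge-03": "10.2.1.14-75sv",
    "vpn-lab-01": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```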