Multiple vulnerabilities in SonicWall SMA100 series



| Updated: 2024-12-13
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2024-38475
CVE-2024-40763
CVE-2024-45318
CVE-2024-45319
CVE-2024-53702
CVE-2024-53703
CWE-ID CWE-20
CWE-122
CWE-121
CWE-798
CWE-338
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
SMA 100
Hardware solutions / Security hardware applicances

Vendor SonicWall

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU93542

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-38475

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in mod_rewrite when first segment of substitution matches filesystem path. A remote attacker can map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL and view contents of files or execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv

CPE2.3 External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Heap-based buffer overflow

EUVDB-ID: #VU101255

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40763

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SSL-VPN interface. A remote attacker can send specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv

CPE2.3
External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU101256

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45318

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SSL-VPN web management interface. A remote non-authenticated attacker can send specially crafted data to the management interface, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv

CPE2.3
External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of hard-coded credentials

EUVDB-ID: #VU101258

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45319

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote user to bypass certificate-based authentication.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote authenticated user can circumvent the certificate requirement during authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv

CPE2.3
External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU101260

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53702

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote attacker to guess generated secrets.

The vulnerability exists due to usage of weak random generator values within the SSL-VPN backup code generator. A remote attacker can guess generated secret.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv

CPE2.3
External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU101261

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53703

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SSL-VPN mod_httprp library loaded by the Apache web server. A remote unauthenticated attacker can send specially crafted requests to the SSL-VPN web interface, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SMA 100: 10.2.1.0-17sv - 10.2.1.13-72sv

CPE2.3
External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###