SonicWall Flaws Enable Remote Code Execution

SonicWall Flaws Enable Remote Code Execution

SonicWall warns of critical flaws in SMA 100 series appliances, enabling remote code execution, authentication bypass, and system compromise.

SonicWall advises users to update their SMA 200, 210, 400, 410, and 500v appliances running firmware 10.2.1.13-72sv or earlier. SMA1000 series devices are not affected.

Vulnerability List :

  1. CVE-2024-38475: Path Traversal
    This vulnerability leverages Apache HTTP Server’s mod_rewrite module to map URLs to restricted filesystem locations. Attackers can use this flaw to access sensitive files, potentially compromising system security and data integrity.
  2. CVE-2024-40763: Heap-Based Buffer Overflow
    A flaw in SMA100 devices’ memory management leads to a heap-based buffer overflow. By exploiting this, attackers can execute malicious code remotely or cause a system crash, disrupting services.
  3. CVE-2024-45318: Stack-Based Buffer Overflow
    Found in the SMA100 web management interface, this vulnerability allows attackers to trigger a stack-based buffer overflow. If exploited, it can result in arbitrary code execution, granting full control over the device.
  4. CVE-2024-45319: Certificate Authentication Bypass
    This flaw permits attackers to bypass the certificate requirement during authentication, providing unauthorized access to sensitive systems and potentially exposing critical resources.
  5. CVE-2024-53702: Insecure Randomness
    The SMA100 devices’ backup mechanism uses a weak pseudo-random number generator (PRNG). Attackers can predict its output, potentially leading to the exposure of sensitive information like encryption keys or backup data.
  6. CVE-2024-53703: Stack-Based Buffer Overflow in Apache
    This vulnerability exists in the mod_httprp library used by SMA100 devices running Apache. Exploiting this stack overflow allows attackers to execute arbitrary code remotely, posing a significant threat to the system.

Affected Products :

  • Impacted Models: SonicWall SMA 100 series (SMA 200, 210, 400, 410, 500v).
  • Vulnerable Firmware: Version 10.2.1.13-72sv and earlier.

Details:

Product SeriesModelsAffected Versions
SMA 100SMA 200, SMA 21010.2.1.13-72sv and earlier
SMA 100SMA 400, SMA 41010.2.1.13-72sv and earlier
SMA 100SMA 500v10.2.1.13-72sv and earlier
SMA 1000All modelsNot affected
  • Action Required: SonicWall recommends updating to the latest firmware immediately.
  • Exploitation Status: No active exploitation reported yet, but due to the severity, prompt action is critical.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2024-12-09T23:38:44+05:30 December 6th, 2024|Internet Security, Remote code execution, Security Advisory, Security Update, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!