Cybersecurity company SonicWall has issued a partner notification confirming six vulnerabilities in its products, namely:
- Path Traversal vulnerability (CVE-2024-38475): CVSS 7.5 (high);
- Heap Buffer Overflow vulnerability (CVE-2024-40763): CVSS 7.5 (high);
- Stack Buffer Overflow vulnerability (CVE-2024-45318): CVSS 8.1 (high);
- Apache stack-based buffer overflow vulnerability (CVE-2024-53703): CVSS 8.1 (high);
- Certificate-based authentication bypass vulnerability (CVE-2024-45319): CVSS 6.3 (medium); and
- Insecure Randomness vulnerability (CVE-2024-53702): CVSS 5.3 (medium).
SonicWall says the vulnerabilities only impact the SonicWall SMA 100 series, including the SMA 500v, 200, 210, 400 and 410 appliances. There is no impact on SonicWall Firewall or SMA 1000 Series virtual or hardware platforms.
While the company says there is no evidence that these vulnerabilities are being exploited in the wild, it is strongly urging organisations using older versions of SonicWall firmware to follow the guidance provided by SonicWall PSIRT and upgrade as soon as possible.