SonicWall this week announced patches for multiple vulnerabilities in the SMA100 SSL-VPN secure access gateway, including high-severity flaws leading to remote code execution (RCE).
The most severe of these issues are two buffer overflow bugs affecting the web management interface and a library loaded by the Apache web server.
Tracked as CVE-2024-45318 and CVE-2024-53703, (CVSS score of 8.1), the two issues allow remote attackers to cause stack-based buffer overflows, which could potentially lead to code execution.
Next in line is CVE-2024-40763, a heap-based buffer overflow defect that exists due to the use of the ‘strcpy’ function, and which could also lead to RCE. Successful exploitation of the vulnerability requires authentication, SonicWall notes in its advisory.
The company also patched CVE-2024-38475, a path traversal flaw in Apache HTTP Server that could allow an attacker “to map URLs to file system locations that are permitted to be served by the server”.
Additionally, it resolved CVE-2024-45319, a high-severity authentication bypass bug that could allow a remote, authenticated attacker to circumvent certificate requirements during authentication.
The SMA100 SSLVPN backup code generator, SonicWall notes, was found to use a cryptographically weak pseudo-random number generator (PRNG) that could be predicted by an attacker. The bug is tracked as CVE-2024-53702.
The vulnerabilities affect SMA 100 series appliances running firmware version 10.2.1.13-72sv and earlier versions, and were addressed in firmware version 10.2.1.14-75sv. The SMA1000 SSL VPN series products are not affected.
SonicWall says it has no evidence that any of these vulnerabilities has been exploited in the wild. Users are advised to update their appliances as soon as possible, as attackers are known to have targeted SonicWall vulnerabilities for which patches have been released.
Related: CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks
Related: Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments
Related: PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers
Related: Authentication Bypass Vulnerability Patched in Bouncy Castle Library
