SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway

SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway.

SonicWall this week announced patches for multiple vulnerabilities in the SMA100 SSL-VPN secure access gateway, including high-severity flaws leading to remote code execution (RCE).

The most severe of these issues are two buffer overflow bugs affecting the web management interface and a library loaded by the Apache web server.

Tracked as CVE-2024-45318 and CVE-2024-53703, (CVSS score of 8.1), the two issues allow remote attackers to cause stack-based buffer overflows, which could potentially lead to code execution.

Next in line is CVE-2024-40763, a heap-based buffer overflow defect that exists due to the use of the ‘strcpy’ function, and which could also lead to RCE. Successful exploitation of the vulnerability requires authentication, SonicWall notes in its advisory.

The company also patched CVE-2024-38475, a path traversal flaw in Apache HTTP Server that could allow an attacker “to map URLs to file system locations that are permitted to be served by the server”.

Additionally, it resolved CVE-2024-45319, a high-severity authentication bypass bug that could allow a remote, authenticated attacker to circumvent certificate requirements during authentication.

Advertisement. Scroll to continue reading.

The SMA100 SSLVPN backup code generator, SonicWall notes, was found to use a cryptographically weak pseudo-random number generator (PRNG) that could be predicted by an attacker. The bug is tracked as CVE-2024-53702.

The vulnerabilities affect SMA 100 series appliances running firmware version 10.2.1.13-72sv and earlier versions, and were addressed in firmware version 10.2.1.14-75sv. The SMA1000 SSL VPN series products are not affected.

SonicWall says it has no evidence that any of these vulnerabilities has been exploited in the wild. Users are advised to update their appliances as soon as possible, as attackers are known to have targeted SonicWall vulnerabilities for which patches have been released.

Related: CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks

Related: Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments

Related: PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers

Related: Authentication Bypass Vulnerability Patched in Bouncy Castle Library

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.

Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer.

AutoNation has appointed Brian Fricke as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.