SonicWall has recently disclosed several vulnerabilities in its “SonicWall SSL-VPN SMA1000” and Connect Tunnel Windows Client. These vulnerabilities include a local privilege escalation flaw, a denial-of-service (DoS) attack vector, and a server-side request forgery (SSRF) exploit. Users of these products are strongly urged to update to the latest version to mitigate these risks.
“These vulnerabilities, if exploited, could significantly impact the security posture of any organization using these products,” stated SonicWall’s security advisory. “We recommend upgrading to the patched versions immediately.”
CVE-2024-45315: Link Following Denial-of-Service Vulnerability
The CVE-2024-45315 vulnerability affects SonicWall SSL-VPN SMA1000 Connect Tunnel Windows Client (version 12.4.3.271 and earlier). This improper link resolution before file access issue allows users with standard privileges to create arbitrary folders and files, potentially causing a local Denial-of-Service (DoS) attack.
- CVSS Score: 6.1
- CWE: 59 – Improper Link Resolution Before File Access
This vulnerability has been categorized as serious because, while requiring local access, it could lead to significant disruptions within affected systems.
CVE-2024-45316: Local Privilege Escalation Vulnerability
The CVE-2024-45316 vulnerability, also related to improper link resolution, allows users with standard privileges to delete arbitrary folders and files. This flaw can be leveraged to escalate privileges locally on the system. A successful attack could enable full control of the system.
- CVSS Score: 7.8
- CWE: 59 – Improper Link Resolution Before File Access
“SonicWall’s engineering team worked around the clock to resolve this vulnerability in order to protect our customers,” said a SonicWall spokesperson. “The patched version addresses this flaw by fixing the underlying file access logic.”
CVE-2024-45317: Unauthenticated Server-Side Request Forgery (SSRF) Vulnerability
The CVE-2024-45317 vulnerability, affecting SMA1000 12.4.x, is a Server-Side Request Forgery (SSRF) flaw. Unauthenticated attackers can trick the system into making requests to unintended IP addresses, potentially leading to data exposure or unauthorized access.
- CVSS Score: 7.2
- CWE: 918 – Server-Side Request Forgery (SSRF)
“While there is no evidence of these vulnerabilities being exploited in the wild, we strongly advise upgrading to the fixed version to stay protected,” SonicWall noted in its advisory.
Who is Affected by These Vulnerabilities?
The vulnerabilities affect:
- SMA1000 Connect Tunnel Windows (32-bit and 64-bit) Client versions 12.4.3.271 and earlier
- SMA1000 Appliance firmware versions 12.4.3-02676 and earlier
It’s important to note that Connect Tunnel Linux and Mac client versions are not impacted by these issues. If you are running affected versions, patching as soon as possible is critical to safeguarding your systems.
No Workaround Available – Patch Immediately
Unfortunately, there are no workarounds available for these vulnerabilities. SonicWall has released a patched version, SMA1000 Connect Tunnel Windows (32-bit and 64-bit) Client version 12.4.3.281 and higher, and SMA1000 Platform Hotfix – 12.4.3-02758, which can be downloaded from mysonicwall.com.
“It’s essential to upgrade to the latest version to eliminate the risk of these vulnerabilities,” SonicWall advised.
Steps to Protect Your System
To protect your system from SonicWall SSL-VPN SMA1000 vulnerabilities, follow these steps:
- Upgrade the Connect Tunnel Windows Client to version 12.4.3.281 or later.
- Apply the SMA1000 Platform Hotfix 12.4.3-02758 for enhanced security.
- Regularly monitor mysonicwall.com for any further updates or advisories.
By taking these steps, you can minimize the risk posed by these vulnerabilities and ensure the safety of your IT infrastructure.
