SonicWall has released bug fixes to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws, if exploited, could allow attackers to launch denial-of-service attacks, escalate privileges, and even execute arbitrary code on vulnerable systems.
The most severe vulnerability tracked as CVE-2024-45316 with a CVSS score of 7.8, a Link Following Local Privilege Escalation Vulnerability. This vulnerability allows attackers with standard user privileges to “delete arbitrary folders and files,” potentially leading to complete control of the system.
The second vulnerability tracked as CVE-2024-45317 with a CVSS score of 7.2 is an unauthenticated SMA1000 12.4.x Server-Side Request Forgery Vulnerability. This vulnerability enables attackers to cause the server-side application to make requests to an unintended IP address, potentially exposing sensitive internal resources or facilitating further attacks.
The third and final vulnerability, tracked as CVE-2024-45315, with a CVSS score of 6.1, affects the Windows client of SonicWall Connect Tunnel. This flaw is rooted in improper link resolution before file access that allows attackers with standard privileges to create arbitrary folders and files, which could result in a local Denial-of-Service (DoS) attack.
SonicWall says that it has not observed any active exploitation of these vulnerabilities in the wild and recommended that SSLVPN SMA 1000 series product and Connect Tunnel client users upgrade to the mentioned fixed-release version. This includes upgrading the SMA1000 Connect Tunnel Windows client to version 12.4.3.281 or higher and applying the SMA1000 Platform Hotfix – 12.4.3-02758 to affected appliances.
