
SonicWall has released patches for six vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from a path traversal issue inherited from the Apache HTTP Server to critical buffer overflows and authentication bypasses, exposing devices to potential remote code execution and data breaches.
The first vulnerability, tracked as CVE-2024-38475 with a CVSS score of 7.5, is a path traversal vulnerability attributed to a publicly known Apache HTTP Server vulnerability. Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to file system locations that are permitted to be served by the server.
The second vulnerability, tracked as CVE-2024-40763 with a CVSS score of 7.5, is a heap-based buffer overflow in the SonicWall SMA100 SSLVPN caused by the use of strcpy. It allows remote authenticated attackers to cause a heap-based buffer overflow, potentially leading to code execution.
The third vulnerability, tracked as CVE-2024-45318 with a CVSS score of 8.1, is a stack-based buffer overflow in the SonicWall SMA100 SSLVPN web management interface. It allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution.
The fourth vulnerability, tracked as CVE-2024-45319 with a CVSS score of 6.3, is a certificate-based authentication bypass in the SonicWall SMA100 SSLVPN. It allows a remote authenticated attacker to circumvent the certificate requirement during authentication.
The fifth vulnerability, tracked as CVE-2024-53702 with a CVSS score of 5.3, is an insecure randomness issue: the SonicWall SMA100 SSLVPN backup code generator uses a cryptographically weak pseudo-random number generator (PRNG) whose output can, in certain cases, be predicted by an attacker, potentially exposing the generated secret.
The sixth vulnerability, tracked as CVE-2024-53703 with a CVSS score of 8.1, is also a stack-based buffer overflow, this time in the SonicWall SMA100 SSLVPN mod_httprp library loaded by the Apache web server. It allows remote attackers to cause a stack-based buffer overflow, potentially leading to code execution.
There is no evidence that these vulnerabilities are being exploited in the wild, and SonicWall SSL VPN SMA1000 series products are not affected by them.
SonicWall strongly advises users of the SMA 100 series products (SMA 200, 210, 400, 410, and 500v) to upgrade to the mentioned fixed release version to address these vulnerabilities.
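The bug class behind CVE-2024-40763 (a heap overflow caused by strcpy) can be shown with an added example; this is not SonicWall code, and the `session` structure, the function names and `FIELD_MAX` are hypothetical. It places the unchecked copy beside a bounded form that rejects oversize or unterminated input instead of truncating it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 64 /* constructed limit for this example */
enum { COPY_OK = 0, COPY_BAD_INPUT = -1, COPY_TOO_LONG = -2, COPY_NO_MEM = -3 };

/* Hypothetical record, not a SonicWall structure. */
struct session { char *username; };

/* Vulnerable pattern (CWE-122): strcpy copies up to the first NUL in src,
 * so any input of FIELD_MAX bytes or more writes past the allocation. */
int session_set_user_unsafe(struct session *s, const char *src)
{
    s->username = malloc(FIELD_MAX);
    if (s->username == NULL)
        return COPY_NO_MEM;
    strcpy(s->username, src); /* no length check */
    return COPY_OK;
}

/* Hardened form: bound the length scan, reject instead of truncating,
 * and copy an exact byte count into an exactly sized buffer. */
int session_set_user_safe(struct session *s, const char *src, size_t src_cap)
{
    const char *nul;
    size_t len;
    if (s == NULL || src == NULL)
        return COPY_BAD_INPUT;
    nul = memchr(src, '\0', src_cap); /* never reads past src_cap */
    if (nul == NULL)
        return COPY_BAD_INPUT;        /* unterminated input */
    len = (size_t)(nul - src);
    if (len >= FIELD_MAX)
        return COPY_TOO_LONG;
    s->username = malloc(len + 1);
    if (s->username == NULL)
        return COPY_NO_MEM;
    memcpy(s->username, src, len + 1); /* includes the NUL */
    return COPY_OK;
}

int main(void)
{
    struct session s = { NULL };
    static char big[200];             /* constructed oversize input */
    memset(big, 'A', sizeof big - 1); /* last byte stays NUL */
    printf("%d\n", session_set_user_safe(&s, big, sizeof big));
    return 0;
}
```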


