csaf_certbund - wid-sec-w-2025-0025

wid-sec-w-2025-0025

Vulnerability from csaf_certbund

Published

2025-01-07 23:00

Modified

2025-02-16 23:00

Summary

SonicWall SonicOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

SonicOS ist das Betriebssystem von SonicWall Firewall-Produkten.

Angriff

Ein lokaler oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, die Authentifizierung zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "SonicOS ist das Betriebssystem von SonicWall Firewall-Produkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, die Authentifizierung zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0025 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0025.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0025 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0025"
      },
      {
        "category": "external",
        "summary": "Sonic Security Advisory vom 2025-01-07",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013"
      },
      {
        "category": "external",
        "summary": "Sonic Security Advisory vom 2025-01-07",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
      },
      {
        "category": "external",
        "summary": "Sonic Security Advisory vom 2025-01-07",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004"
      },
      {
        "category": "external",
        "summary": "Arctic Wolf Blog vom 2025-02-16",
        "url": "https://arcticwolf.com/resources/blog/cve-2024-53704/"
      }
    ],
    "source_lang": "en-US",
    "title": "SonicWall SonicOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-02-16T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-17T09:12:18.129+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0025",
      "initial_release_date": "2025-01-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-02T23:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2025-02-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "CVE-2024-53704 wird ausgenutzt"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Gen7 \u003c7.0.1-5165",
                "product": {
                  "name": "SonicWall SonicOS Gen7 \u003c7.0.1-5165",
                  "product_id": "T040052"
                }
              },
              {
                "category": "product_version",
                "name": "Gen7 7.0.1-5165",
                "product": {
                  "name": "SonicWall SonicOS Gen7 7.0.1-5165",
                  "product_id": "T040052-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:gen7__7.0.1-5165"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Gen7 \u003c7.1.3-7015",
                "product": {
                  "name": "SonicWall SonicOS Gen7 \u003c7.1.3-7015",
                  "product_id": "T040053"
                }
              },
              {
                "category": "product_version",
                "name": "Gen7 7.1.3-7015",
                "product": {
                  "name": "SonicWall SonicOS Gen7 7.1.3-7015",
                  "product_id": "T040053-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:gen7__7.1.3-7015"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Gen6 NSv \u003c6.5.4.v-21s-RC2457",
                "product": {
                  "name": "SonicWall SonicOS Gen6 NSv \u003c6.5.4.v-21s-RC2457",
                  "product_id": "T040055"
                }
              },
              {
                "category": "product_version",
                "name": "Gen6 NSv 6.5.4.v-21s-RC2457",
                "product": {
                  "name": "SonicWall SonicOS Gen6 NSv 6.5.4.v-21s-RC2457",
                  "product_id": "T040055-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:gen6_nsv__6.5.4.v-21s-rc2457"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Gen6 Hardware Firewalls \u003c6.5.5.1-6n",
                "product": {
                  "name": "SonicWall SonicOS Gen6 Hardware Firewalls \u003c6.5.5.1-6n",
                  "product_id": "T040056"
                }
              },
              {
                "category": "product_version_range",
                "name": "Gen6 Hardware Firewalls 6.5.5.1-6n",
                "product": {
                  "name": "SonicWall SonicOS Gen6 Hardware Firewalls 6.5.5.1-6n",
                  "product_id": "T040056-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "TZ80 \u003c8.0.0-8037",
                "product": {
                  "name": "SonicWall SonicOS TZ80 \u003c8.0.0-8037",
                  "product_id": "T040057"
                }
              },
              {
                "category": "product_version",
                "name": "TZ80 8.0.0-8037",
                "product": {
                  "name": "SonicWall SonicOS TZ80 8.0.0-8037",
                  "product_id": "T040057-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:sonicwall:sonicos:tz80__8.0.0-8037"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SonicOS"
          }
        ],
        "category": "vendor",
        "name": "SonicWall"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12803",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-12803"
    },
    {
      "cve": "CVE-2024-12805",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-12805"
    },
    {
      "cve": "CVE-2024-12806",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-12806"
    },
    {
      "cve": "CVE-2024-40762",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-40762"
    },
    {
      "cve": "CVE-2024-53704",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-53704"
    },
    {
      "cve": "CVE-2024-53705",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-53705"
    },
    {
      "cve": "CVE-2024-53706",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040057",
          "T040056",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-53706"
    },
    {
      "cve": "CVE-2024-40765",
      "product_status": {
        "known_affected": [
          "T040053",
          "T040052",
          "T040055"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2024-40765"
    }
  ]
}

CVE-2024-40762 (GCVE-0-2024-40762)

Vulnerability from cvelistv5

Published

2025-01-09 06:43

Modified

2025-01-09 15:08

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 7.1.1-7058 and older versions Version: 7.1.2-7019 Version: 8.0.0-8035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40762",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T15:07:45.484453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:08:11.330Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.1-7058 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"
        }
      ],
      "datePublic": "2025-01-08T06:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.\u003c/span\u003e"
            }
          ],
          "value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T06:43:25.000Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0003",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-40762",
    "datePublished": "2025-01-09T06:43:25.000Z",
    "dateReserved": "2024-07-10T15:58:49.461Z",
    "dateUpdated": "2025-01-09T15:08:11.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53706 (GCVE-0-2024-53706)

Vulnerability from cvelistv5

Published

2025-01-09 07:05

Modified

2025-01-09 15:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Summary

A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 7.1.1-7058 and older versions Version: 7.1.2-7019

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53706",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:59:32.676413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:31:37.317Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen7 NSv Cloud platform"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.1-7058 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"
        }
      ],
      "datePublic": "2025-01-08T06:51:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
            }
          ],
          "value": "A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:05:11.185Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0003",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-53706",
    "datePublished": "2025-01-09T07:05:11.185Z",
    "dateReserved": "2024-11-22T09:54:04.964Z",
    "dateUpdated": "2025-01-09T15:31:37.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12803 (GCVE-0-2024-12803)

Vulnerability from cvelistv5

Published

2025-01-09 07:21

Modified

2025-01-17 02:16

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Summary

A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 6.5.4.15-117n and older versions Version: 7.0.1-5161 and older version Version: 7.1.2-7019 Version: 8.0.0-8035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:55:27.671235Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T02:16:09.661Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen6 Hardware",
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.15-117n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5161 and older version"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Catalpa of DBappSecurity Co. Ltd."
        }
      ],
      "datePublic": "2025-01-08T07:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.\u003c/span\u003e"
            }
          ],
          "value": "A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:21:53.799Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0004",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-12803",
    "datePublished": "2025-01-09T07:21:53.799Z",
    "dateReserved": "2024-12-19T16:22:45.706Z",
    "dateUpdated": "2025-01-17T02:16:09.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12806 (GCVE-0-2024-12806)

Vulnerability from cvelistv5

Published

2025-01-09 07:28

Modified

2025-01-17 02:17

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-37 - Path Traversal: '/absolute/pathname/here'

Summary

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 6.5.4.15-117n and older versions Version: 7.0.1-5161 and older version Version: 7.1.2-7019 Version: 8.0.0-8035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12806",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T20:17:04.720308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T02:17:43.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen6 Hardware",
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.15-117n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5161 and older version"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Catalpa of DBappSecurity Co. Ltd."
        }
      ],
      "datePublic": "2025-01-08T07:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-37",
              "description": "CWE-37 Path Traversal: \u0027/absolute/pathname/here\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:28:13.844Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0004",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-12806",
    "datePublished": "2025-01-09T07:28:13.844Z",
    "dateReserved": "2024-12-19T16:36:12.999Z",
    "dateUpdated": "2025-01-17T02:17:43.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53704 (GCVE-0-2024-53704)

Vulnerability from cvelistv5

Published

2025-01-09 06:52

Modified

2025-07-30 01:36

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE

CWE-287 - Improper Authentication

Summary

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 7.1.1-7058 and older versions Version: 7.1.2-7019 Version: 8.0.0-8035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53704",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T04:55:11.755621Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53704"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:36:22.552Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-18T00:00:00+00:00",
            "value": "CVE-2024-53704 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.1-7058 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"
        }
      ],
      "datePublic": "2025-01-08T06:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.\u003c/span\u003e"
            }
          ],
          "value": "An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T06:52:16.771Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0003",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-53704",
    "datePublished": "2025-01-09T06:52:16.771Z",
    "dateReserved": "2024-11-22T09:54:04.964Z",
    "dateUpdated": "2025-07-30T01:36:22.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12805 (GCVE-0-2024-12805)

Vulnerability from cvelistv5

Published

2025-01-09 07:24

Modified

2025-01-17 02:15

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Summary

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 6.5.4.15-117n and older versions Version: 7.0.1-5161 and older version Version: 7.1.2-7019 Version: 8.0.0-8035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:54:16.425901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T02:15:26.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen6 Hardware",
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.15-117n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5161 and older version"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Catalpa of DBappSecurity Co. Ltd."
        }
      ],
      "datePublic": "2025-01-08T07:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:24:12.357Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0004",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-12805",
    "datePublished": "2025-01-09T07:24:12.357Z",
    "dateReserved": "2024-12-19T16:36:08.986Z",
    "dateUpdated": "2025-01-17T02:15:26.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40765 (GCVE-0-2024-40765)

Vulnerability from cvelistv5

Published

2025-01-09 07:12

Modified

2025-01-09 14:58

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Summary

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 6.5.4.4-44v-21-2395 and older versions Version: 7.0.1-5151 and older versions Version: 7.1.1-7051 and older versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:57:15.059169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T14:58:28.792Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen6 NSv",
            "Gen7 Hardware",
            "Gen7 NSv"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.4-44v-21-2395 and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5151 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.1-7051 and older versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yue Liu \u0026 n3k from TIANGONG Team of Legendsec at QI-ANXIN Group"
        }
      ],
      "datePublic": "2025-01-08T07:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.\u003c/span\u003e"
            }
          ],
          "value": "An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:12:40.644Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013"
        }
      ],
      "source": {
        "advisory": "SNWLID-2024-0013",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-40765",
    "datePublished": "2025-01-09T07:12:40.644Z",
    "dateReserved": "2024-07-10T15:58:49.462Z",
    "dateUpdated": "2025-01-09T14:58:28.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53705 (GCVE-0-2024-53705)

Vulnerability from cvelistv5

Published

2025-01-09 06:58

Modified

2025-01-09 15:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

References

►

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

vendor-advisory

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Version: 6.5.4.15-117n and older versions Version: 7.0.1-5161 and older versions Version: 7.1.1-7058 and older versions Version: 7.1.2-7019 Version: 8.0.0-8035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T15:03:01.313230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:03:52.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80",
            "Gen6 Hardware"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.15-117n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5161 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.1-7058 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"
        }
      ],
      "datePublic": "2025-01-08T06:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T06:58:40.573Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0003",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-53705",
    "datePublished": "2025-01-09T06:58:40.573Z",
    "dateReserved": "2024-11-22T09:54:04.964Z",
    "dateUpdated": "2025-01-09T15:03:52.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-0025

Vulnerability from csaf_certbund

CVE-2024-40762 (GCVE-0-2024-40762)

Vulnerability from cvelistv5

CVE-2024-53706 (GCVE-0-2024-53706)

Vulnerability from cvelistv5

CVE-2024-12803 (GCVE-0-2024-12803)

Vulnerability from cvelistv5

CVE-2024-12806 (GCVE-0-2024-12806)

Vulnerability from cvelistv5

CVE-2024-53704 (GCVE-0-2024-53704)

Vulnerability from cvelistv5

CVE-2024-12805 (GCVE-0-2024-12805)

Vulnerability from cvelistv5

CVE-2024-40765 (GCVE-0-2024-40765)

Vulnerability from cvelistv5

CVE-2024-53705 (GCVE-0-2024-53705)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature