Summary
3 vulnerabilities, 2 of which are high severity, have been discovered in SonicWall Secure Mobile Access (SMA) 1000 products. These vulnerabilities, if exploited, could allow an attacker to bypass security mechanisms and elevate user privileges on affected devices.
Risk
Vulnerability Community Impact Estimate: MEDIUM/YELLOW (63.84/100)¹.
Type
- Privilege Escalation
- Security Restrictions Bypass
Affected Products and/or Versions
- SMA1000 Connect Tunnel Client for Windows (32-bit and 64-bit), version 12.4.3.271 and earlier
- SMA1000 Appliance, firmware version 12.4.3-02676 and earlier
Note: The vulnerabilities do not affect Connect Tunnel Client versions for Linux and macOS.
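The affected-version list above can be turned into an inventory check. The following is an added example, not code from the vendor or from this advisory; the hostnames, the product and platform labels, the inventory layout and the sample versions are constructed, and it assumes version strings compare numerically field by field.

```python
import re

# Highest affected versions, taken from the advisory text above.
CLIENT_MAX = (12, 4, 3, 271)      # Connect Tunnel Client for Windows
APPLIANCE_MAX = (12, 4, 3, 2676)  # SMA1000 firmware 12.4.3-02676


def parse_version(text):
    """Turn '12.4.3.271' or '12.4.3-02676' into a 4-tuple of ints."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)[.-](\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(product, platform, version):
    """Return 'affected', 'not affected' or 'unknown' for one asset."""
    product, platform = product.lower(), platform.lower()
    if product == "client" and platform != "windows":
        return "not affected"   # Linux and macOS clients are out of scope
    ceiling = {"client": CLIENT_MAX, "appliance": APPLIANCE_MAX}.get(product)
    if ceiling is None:
        return "unknown"
    try:
        return "affected" if parse_version(version) <= ceiling else "not affected"
    except ValueError:
        return "unknown"        # needs manual review, never silently passed


# Constructed inventory rows (hostnames and versions invented for the example).
INVENTORY = [
    ("wks-01", "client", "windows", "12.4.3.271"),
    ("wks-02", "client", "windows", "12.4.3.300"),
    ("mac-01", "client", "macos", "12.4.2.100"),
    ("sma-gw", "appliance", "sma1000", "12.4.3-02676"),
    ("sma-dr", "appliance", "sma1000", "12.4.3-03000"),
    ("wks-03", "client", "windows", "n/a"),
]


def report(rows=INVENTORY):
    """Map each hostname to its triage status."""
    return {host: triage(prod, plat, ver) for host, prod, plat, ver in rows}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:8} {status}")
```

Assets reported as "unknown" have a version string the parser could not read and should be checked by hand.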
Mitigation Actions
In line with vendor statements, it is recommended to update vulnerable products to the latest available versions.
Unique Vulnerability Identifiers
The following are the CVEs for “High” severity vulnerabilities only:
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017
¹ This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.