Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client
SonicWall has released security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws could allow attackers to launch denial-of-service attacks, escalate privileges, and even execute arbitrary code on vulnerable systems.
The vulnerabilities, discovered by security researchers Hashim Jawad and Wenjie Zhong, are detailed in a recent SonicWall security advisory. The most severe of these is CVE-2024-45316, a “Link Following Local Privilege Escalation Vulnerability” with a CVSS score of 7.8. This vulnerability allows attackers with standard user privileges to “delete arbitrary folders and files,” potentially leading to complete control of the system.
“The Improper link resolution before file access (‘Link Following’) vulnerability in SonicWall Connect Tunnel (version 12.4.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack,” the advisory states.
Another critical flaw, CVE-2024-45317, is an “Unauthenticated SMA1000 12.4.x Server-Side Request Forgery (SSRF) Vulnerability” with a CVSS score of 7.2. This vulnerability enables attackers to “cause the server-side application to make requests to an unintended IP address,” potentially exposing sensitive internal resources or facilitating further attacks.
The third vulnerability, tracked as CVE-2024-45315, affects the Windows client of SonicWall Connect Tunnel, specifically version 12.4.271 and earlier. This flaw is rooted in improper link resolution before file access, commonly referred to as a ‘Link Following’ vulnerability. It allows attackers with standard privileges to create arbitrary folders and files, which could result in a local Denial-of-Service (DoS) attack.
While SonicWall has not yet observed any active exploitation of these vulnerabilities in the wild, the company “strongly advises SSLVPN SMA 1000 series product and Connect Tunnel client users to upgrade to the mentioned fixed-release version.” This includes upgrading the SMA1000 Connect Tunnel Windows client to version 12.4.3.281 or higher and applying the SMA1000 Platform Hotfix – 12.4.3-02758 to affected appliances.
It’s important to note that these vulnerabilities do not affect the SMA 100 series products, Connect Tunnel Linux clients, or Connect Tunnel Mac clients.
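To check a client inventory against the fixed release named above, the following added example (not SonicWall's code) flags Windows clients that still need the upgrade. The CSV layout, host names and sample versions are constructed, and the ordering rule rests on an assumption stated in the code: the article writes the affected version with three components (12.4.271) and the fixed one with four (12.4.3.281), so a naive comparison misorders them.

```python
import csv
import io

# From the article: fixed Windows client release and the unaffected platforms.
FIXED_WINDOWS_CLIENT = "12.4.3.281"
UNAFFECTED_PLATFORMS = {"linux", "macos"}

def version_key(version):
    """Sort key for a Connect Tunnel version string.

    Assumption (not stated in the article): the last dotted component is a
    build number that only increases, so versions order by (major, minor,
    build). Plain tuple comparison ranks (12, 4, 271) above (12, 4, 3, 281).
    """
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) < 3:
        raise ValueError(f"unrecognised version: {version!r}")
    return (parts[0], parts[1], parts[-1])

def needs_upgrade(platform, version):
    """True if this client is a Windows build older than the fixed release."""
    if platform.strip().lower() in UNAFFECTED_PLATFORMS:
        return False
    return version_key(version) < version_key(FIXED_WINDOWS_CLIENT)

def triage(inventory_csv):
    """Return (to_upgrade, unparsed) host lists from a host,platform,version CSV."""
    to_upgrade, unparsed = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if needs_upgrade(row["platform"], row["version"]):
                to_upgrade.append(row["host"])
        except (ValueError, AttributeError):  # empty or malformed field
            unparsed.append(row["host"])      # review by hand, do not assume fixed
    return to_upgrade, unparsed

# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE = """host,platform,version
ws-001,windows,12.4.271
ws-002,windows,12.4.3.281
ws-003,windows,12.4.3.290
mac-01,macos,12.4.271
ws-004,windows,unknown
ws-005,windows,12.3.0.150
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

This covers only the Connect Tunnel client; SMA1000 appliances still need the platform hotfix applied separately.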