CVE-2024-29011

Name of the Vulnerable Software and Affected Versions SonicWALL GMS versions 9.3.4 and earlier

Description The issue is related to the use of a hard-coded password in the GMS ECM endpoint, leading to an authentication bypass. This allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance without requiring any authentication.

Recommendations For versions 9.3.4 and earlier, consider disabling the ECM endpoint until a patch is available to prevent exploitation. Restrict access to the GMS ECM endpoint to minimize the risk of authentication bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.