PT-2024-31570 · Sonicwall · Sonicwall Sma100 Sslvpn

Alain Mowat

Published

2024-12-05

Updated

2024-12-06

CVE-2024-45319

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions SonicWall SMA100 SSLVPN firmware versions 10.2.1.13-72sv and earlier

Description A vulnerability in the SonicWall SMA100 SSLVPN firmware allows a remote authenticated attacker to circumvent the certificate requirement during authentication. This issue enables a remote attacker to bypass authentication.

Recommendations For SonicWall SMA100 SSLVPN firmware versions 10.2.1.13-72sv and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2024-45319

Affected Products

Sonicwall Sma100 Sslvpn

PT-2024-31570 · Sonicwall · Sonicwall Sma100 Sslvpn

CVE-2024-45319

Weakness Enumeration

Related Identifiers

Affected Products

References · 6