PT-2024-5391 · Sonicwall · Sonicwall Netextender
Published: 2024-03-14 · Updated: 2024-12-04 · CVE-2024-29014
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SonicWall NetExtender versions 10.2.339 and earlier
Description
The issue is improper control of code generation (code injection) in the Enable Client Autoupdate service of the Remote Access End Point Control (EPC) in SonicWall NetExtender. It can allow a remote attacker to execute arbitrary code when an EPC Client update is processed. The vulnerability is associated with the SonicWall SMA 100 and can be exploited to gain remote code execution as SYSTEM.
Recommendations
Update SonicWall NetExtender 10.2.339 and earlier to a version later than 10.2.339 to resolve the issue.
At the moment, there is no information about additional mitigation measures for this specific vulnerability.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Sonicwall Netextender
Sonicwall Sma100