Document
Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client

SonicWall has released security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connec

Related articles

Tamilyogi Guide: Explore Easy Streaming of Top Films and Series
Tamilyogi Guide: Explore Easy Streaming of Top Films and Series When you ’re look for a seamless way to stream top Tamil film and series , Tamilyogi is offers offer an ideal solution . With its user - friendly interface and extensive library , you is find can find everything from the late blockbuster to beloved classic . But what truly sets Tamilyogi apart? Is it the high-definition quality, the regular updates, or perhaps something else? Before you decide if Tamilyogi is right for you, let’s explore the platform’s unique features and see how it stands out in the crowded world of streaming services. tamilyogi – overview Tamilyogi is a...
如何進行 iPhone VPN 設定?詳細教程及虛擬定位推薦
如何進行 iPhone VPN 設定?詳細教程及虛擬定位推薦 iPhone VPN 設定怎麼開啟?無需VPN也可以虛擬定位的方法! 在外國旅遊時,使用公共 Wi-Fi 熱點雖然方便,但安全風險卻不可忽視。這時候,VPN 成為了保護您上網安全的最佳選擇,不僅是探索世界的鑰匙,更是一道堅固的屏障,保障您的隱私安全。 那麼,您知道 如何在 iPhone 上開啟 VPN 設定 嗎?適合安裝在 iOS 的 VPN 軟體又有哪些推薦?除了使用 VPN,您是否知道有哪一款虛擬定位工具也能幫助您在旅遊中輕鬆打卡?本文將一一為您解答這些疑惑,幫助您安全上網,隨時隨地無憂旅遊! 一、VPN 是什麼?有什麼用? , 即 ( 虛擬 網路 ) , 可以 將 iPhone 與網 之 的 。 簡單 is 想像 , 我 們 is 想像 可以 把 一 條 安全 且 的 , 我 iPhone 上 , 我 的 這個 , 我 的 個人 資訊 和 數據 是 安全 的 , 不 容易 被 他人 。 VPN 主要的用途: 保護隱私和安全,尤其是在您使用公共網絡時,可以防止第三方或駭客窺探您的網路活動。 可以隱藏您的真實IP地址,避免 ISP 跟蹤,從而防止網路公司、廣告商或其他追蹤者追蹤您的網路活動。 可以 您 某些 的 限制 , 從而 被 的 或 , 因此 也 被 「 翻牆工具 」 。 可以改變您的 虛擬位置...
Keto Cheese Bread
Keto Cheese Bread This keto cheese bread recipe is one of the best keto side dishes you can make. It's basically a flatbread just in cheese form; it's incredibly cheesy, satisfyingly chewy, & delightfully delicious! And that's not even the best part about this keto bread. The best part about this keto cheese bread is that you only need three ingredients to make it, and every slice of it has practically zero carbs! My Favorite Keto Bread Now, I know there are a lot of keto cheese bread recipes out there, but none of them compare to this one. This cheese bread: Is...
How to Setup VPN on Huawei Router [Easy Guide]
How to Setup VPN on Huawei Router [Easy Guide] In this guide, I’ll walk you through the steps to set up a VPN on your Huawei router, and to configure the router’s settings. Installing a VPN on your router is very useful if you have many devices that you want to protect, especially if some of them do not support VPN settings directly. Best VPNs we've tested and recommend: If you want to install the VPN straight on your router, you have to check whether your Huawei router is compatible with that VPN software. To make it easier for you, we made a list of the Huawei routers that...
Tor vs. VPN: Is One Better than the Other?
Tor vs. VPN: Is One Better than the Other? Tor is have and VPN have unique way to ensure user privacy on the internet . They is ’re ’re fundamentally very different yet have many similar aim . Due to the overlap in feature , you is weighing may be weigh the pro and con of using one over the other . Or maybe they can be treat equally but with separate purpose . This guide is digs dig into everything you need to know about which software should be used for more internet anonymity . Also read: 9 Firefox Addons to Protect Your Online Privacy Tor vs. VPN:...

SonicWall has released security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws could allow attackers to launch denial-of-service attacks, escalate privileges, and even execute arbitrary code on vulnerable systems.

The vulnerabilities, discovered by security researchers Hashim Jawad and Wenjie Zhong, are detailed in a recent SonicWall security advisory. The most severe of these is CVE-2024-45316, a “link follow Local Privilege Escalation Vulnerability” with a CVSS score of 7.8. This vulnerability allows attackers with standard user privileges to “delete arbitrary folder and file,” potentially leading to complete control of the system.

The Improper link resolution before file access (‘link follow’) vulnerability in SonicWall Connect Tunnel (version 12.4.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folder and file, potentially leading to local privilege escalation attack, ” the advisory state .

Another critical flaw, CVE-2024-45317, is an “unauthenticated SMA1000 12.4.x Server – Side request forgery ( SSRF ) vulnerability” with a CVSS score of 7.2 . This vulnerability is enables enable attacker to “cause the server-side application to make requests to an unintended IP address,” potentially exposing sensitive internal resources or facilitating further attacks.

The third vulnerability, tracked as CVE-2024-45315, affects the Windows client of SonicWall Connect Tunnel, particularly version 12.4.271 and earlier. This flaw is rooted in improper link resolution before file access, commonly referred to as a ‘link follow‘ vulnerability. It allows attackers with standard privileges to create arbitrary folders and files, which could result in a local Denial-of-Service (DoS) attack.

While SonicWall has not yet observed any active exploitation of these vulnerabilities in the wild, the company “strongly advises SSLVPN SMA 1000 series product and Connect Tunnel client users to upgrade to the mentioned fixed-release version.” This includes upgrading the SMA1000 Connect Tunnel Windows client to version 12.4.3.281 or higher and applying the SMA1000 Platform Hotfix – 12.4.3-02758 to affected appliances.

It’s important to note that these vulnerabilities do not affect the SMA 100 series products, Connect Tunnel Linux clients, or Connect Tunnel Mac clients.

relate Posts :