CRITICAL🇵🇱 Wersja polska

CVE-2024-22394

CVSS 9.8v3.1pub. 2024-02-08upd. 2024-11-21

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.

🤖 AI Analysis
How it works

The vulnerability results from an error in the implementation of the authentication mechanism (CWE-287) in the SSL-VPN function of SonicOS. Under specific conditions, an attacker can send an appropriately crafted network request that will be processed bypassing user identity verification. The attack is possible remotely, over the network, without the need to possess any access credentials.

Impact

Successful exploitation of the vulnerability allows an unauthenticated attacker to gain unauthorized access to resources protected by SSL-VPN, which may lead to a violation of confidentiality, integrity, and system availability.

Mitigation & patch

Immediately update the firmware of SonicWall devices to a version higher than 7.1.1-7040, in accordance with the manufacturer's guidelines available at: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003. Until the patch is applied, consider restricting access to the SSL-VPN interface only to trusted IP addresses.

Who is affected

SonicWall SonicOS version 7.1.1-7040 on devices: SonicWall NSA 2700, NSA 3700, NSA 4700, NSA 5700, and the SonicOS platform.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Nsa 2700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 3700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 4700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 5700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsa 6700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 10700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 11700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nssp 13700

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsv 270

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsv 470

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Nsv 870

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sonicos

    OS
    Sonicwall
    7.1.1-7040
  • Sonicwall T2270

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz270w

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz370

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz370w

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz470

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz470w

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz570

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz570p

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz570w

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Tz670

    HW
    Sonicwall
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassVPN
CWE
References

Related vulnerabilities

CVE-2024-53704CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SonicWall SonicOS SSLVPN — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2024-40766CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w SonicWall SonicOS — RCE i crash firewalla

CVE-2020-5135CRITICAL9.8⚠ KEVten sam produkt

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and poten...

CVE-2025-40600CRITICAL9.8PL ✓ten sam produkt

SonicOS SSL VPN: format string umożliwia zakłócenie usługi bez uwierzytelnienia

CVE-2024-3596CRITICAL9.0PL ✓ten sam produkt

Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5