An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.
The vulnerability results from an error in the implementation of the authentication mechanism (CWE-287) in the SSL-VPN function of SonicOS. Under specific conditions, an attacker can send an appropriately crafted network request that will be processed bypassing user identity verification. The attack is possible remotely, over the network, without the need to possess any access credentials.
Successful exploitation of the vulnerability allows an unauthenticated attacker to gain unauthorized access to resources protected by SSL-VPN, which may lead to a violation of confidentiality, integrity, and system availability.
Immediately update the firmware of SonicWall devices to a version higher than 7.1.1-7040, in accordance with the manufacturer's guidelines available at: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003. Until the patch is applied, consider restricting access to the SSL-VPN interface only to trusted IP addresses.
SonicWall SonicOS version 7.1.1-7040 on devices: SonicWall NSA 2700, NSA 3700, NSA 4700, NSA 5700, and the SonicOS platform.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Nsa 2700
HWSonicwallwszystkie wersjeSonicwall Nsa 3700
HWSonicwallwszystkie wersjeSonicwall Nsa 4700
HWSonicwallwszystkie wersjeSonicwall Nsa 5700
HWSonicwallwszystkie wersjeSonicwall Nsa 6700
HWSonicwallwszystkie wersjeSonicwall Nssp 10700
HWSonicwallwszystkie wersjeSonicwall Nssp 11700
HWSonicwallwszystkie wersjeSonicwall Nssp 13700
HWSonicwallwszystkie wersjeSonicwall Nsv 270
HWSonicwallwszystkie wersjeSonicwall Nsv 470
HWSonicwallwszystkie wersjeSonicwall Nsv 870
HWSonicwallwszystkie wersjeSonicwall Sonicos
OSSonicwall7.1.1-7040Sonicwall T2270
HWSonicwallwszystkie wersjeSonicwall Tz270w
HWSonicwallwszystkie wersjeSonicwall Tz370
HWSonicwallwszystkie wersjeSonicwall Tz370w
HWSonicwallwszystkie wersjeSonicwall Tz470
HWSonicwallwszystkie wersjeSonicwall Tz470w
HWSonicwallwszystkie wersjeSonicwall Tz570
HWSonicwallwszystkie wersjeSonicwall Tz570p
HWSonicwallwszystkie wersjeSonicwall Tz570w
HWSonicwallwszystkie wersjeSonicwall Tz670
HWSonicwallwszystkie wersje
Related vulnerabilities
SonicWall SonicOS SSLVPN — pominięcie uwierzytelnienia (Auth Bypass)
Nieprawidłowa kontrola dostępu w SonicWall SonicOS — RCE i crash firewalla
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and poten...
SonicOS SSL VPN: format string umożliwia zakłócenie usługi bez uwierzytelnienia
Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5