Created on 2025-01-07 12:38 and updated on 2025-01-07 12:45.
Description
Advisory ID | CVSS Score | Advisory Title | Associated CVEs |
---|---|---|---|
SNWLID-2025-0003 | 8.2 | SONICOS AFFECTED BY MULTIPLE VULNERABILITIES | - CVE-2024-40762: SonicOS SSLVPN Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - CVSS Score 7.1. Use of a weak PRNG in the SonicOS SSLVPN authentication token generator can allow attackers to predict the token, potentially resulting in authentication bypass. - CVE-2024-53704: SonicOS SSLVPN Authentication Bypass Vulnerability - CVSS Score 8.2. - CVE-2024-53705: SonicOS SSH Management Server-Side Request Forgery Vulnerability - CVSS Score 6.5. - CVE-2024-53706: Gen7 SonicOS Cloud NSv SSH Config Function Local Privilege Escalation Vulnerability - CVSS Score 7.8. |
SNWLID-2024-0013 | 5.3 | INTEGER-BASED BUFFER OVERFLOW VULNERABILITY IN SONICOS VIA IPSEC | - CVE-2024-40765: Integer-based buffer overflow vulnerability in SonicOS via IPsec. Allows denial of service and potential execution of arbitrary code. CVSS Score 5.3. |
SNWLID-2025-0001 | 6.5 | SSL-VPN MFA BYPASS DUE TO UPN AND SAM ACCOUNT HANDLING IN MICROSOFT AD | - CVE-2024-12802: SSL-VPN MFA Bypass in SonicWALL SSL-VPN due to separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory. Allows MFA bypass by exploiting alternative account name handling. CVSS Score 6.5. |
SNWLID-2025-0004 | 6.0 | SONICOS MULTIPLE POST-AUTHENTICATION VULNERABILITIES | - CVE-2024-12803: Post-authentication stack-based buffer overflow vulnerability in SonicOS. CVSS Score 6.0. - CVE-2024-12805: Post-authentication format string vulnerability in SonicOS. CVSS Score 6.0. - CVE-2024-12806: Post-authentication absolute path traversal vulnerability in SonicOS. CVSS Score 4.9. |
Source: https://i.imgur.com/VpI6jkI.png
Vulnerabilities included in this bundle
Author
Alexandre Dulaunoy
Combined sightings
Author | Vulnerability | Source | Type | Date |
---|---|---|---|---|