gsd-2024-22394
Vulnerability from gsd
Modified
2024-01-11 06:02
Details
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.
This issue affects only firmware version SonicOS 7.1.1-7040.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-22394"
],
"details": "An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.\u00a0\n\nThis issue affects only firmware version SonicOS 7.1.1-7040.\n\n",
"id": "GSD-2024-22394",
"modified": "2024-01-11T06:02:11.752822Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2024-22394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "SonicOS 7.1.1-7040"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.\u00a0\n\nThis issue affects only firmware version SonicOS 7.1.1-7040.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-287",
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003",
"refsource": "MISC",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicos:7.1.1-7040:*:*:*:*:*:*:*",
"matchCriteriaId": "10C8F8FE-C22C-4CE0-86AE-D247042A41DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ABC8D8-2943-4073-9568-E87961A18998",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F57D527-AA3F-45E9-9BCE-6F76691066B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ECCCF0-A5D8-42A8-8EC1-D12B49B1124A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:t2270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB8E979-629B-48DF-BA96-40D9EF197732",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.\u00a0\n\nThis issue affects only firmware version SonicOS 7.1.1-7040.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de autenticaci\u00f3n incorrecta en la funci\u00f3n SSL-VPN de SonicWall SonicOS, que en condiciones espec\u00edficas podr\u00eda permitir que un atacante remoto omita la autenticaci\u00f3n. Este problema afecta \u00fanicamente a la versi\u00f3n de firmware SonicOS 7.1.1-7040."
}
],
"id": "CVE-2024-22394",
"lastModified": "2024-02-14T21:46:40.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-08T02:15:07.620",
"references": [
{
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003"
}
],
"sourceIdentifier": "PSIRT@sonicwall.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "PSIRT@sonicwall.com",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.