SonicWall Family March 2024 1st Security Update Advisory

Overview

SonicWall (https://www.sonicwall.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

Affected Products

10.0.26.7807 and below

Resolved Vulnerabilities

An integer-based buffer overflow vulnerability in SonicOS via IPSec allows a remote attacker, under certain conditions, to cause a denial of service (DoS) and possibly execute arbitrary code by sending a specially crafted IKEv2 payload.

Vulnerability Patches

The following product-specific patches were made available in the March 13, 2024 update. For more information on these patches, refer to the “FIXED SOFTWARE” section of the product-specific documentation listed under Referenced Sites.

10.0.28.7941 and later versions

SonicOS 7.0.1-5151, SonicOS 7.1.1-7051, and later versions

Vulnerability Mitigation

If you are unable to patch the vulnerability immediately, refer to the WORKAROUND section of the documentation listed under Referenced Sites.

Referenced Sites

[1] SonicWall Email Security Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006

[2] SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005

[3] Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004