SonicWall Family October 2024 1st Security Update Advisory

Overview

 

SonicWall (https://www.sonicwall.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

SMA1000 Appliance firmware 12.4.3-02676 and earlier versions

SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.271 and earlier versions

 

Resolved Vulnerabilities

 

Denial of Service (DoS) Vulnerability in SonicWall SMA1000 Connect Tunnel Windows (CVE-2024-45315, CVSS 6.1)

SonicWall SMA1000 Connect Tunnel Windows Elevation of Privilege Vulnerability (CVE-2024-45316, CVSS 7.8)

Server Side Request Forgery (SSRF) Vulnerability in SMA1000 12.4.x (CVE-2024-45317, CVSS 7.2)

 

 

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available with the October 10, 2024 update. For more information on the vulnerability patches, please refer to the “FIXED SOFTWARE” section of the product-specific document listed under Referenced Sites.

SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.281 or later versions

SMA1000 Platform Hotfix – 12.4.3-02758

 

Vulnerability Mitigation

 

If you are unable to apply the vulnerability patches immediately, please refer to the WORKAROUND section of the reference documentation.

 

Referenced Sites

 

[1] SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017