heise PlusAbo
Anzeige

Vulnerability in Sonicwall SMA1000 series allows privilege escalation

Sonicwall plugs security gaps in SSL VPN appliances of the SMA1000 series and in the Connect Tunnel Client.

listen Print view
An appliance connects many clients with cables through the cloud. You and a few clients burn.

(Image: Bild erstellt mit KI in Bing Image Creator durch heise online / dmk)

2 min. read
Security
By

Sonicwall warns of security vulnerabilities in SSL VPN appliances of the SMA1000 series and the Connect Tunnel Client for Windows. Attackers can thereby extend their rights, redirect unauthorized requests or provoke denial of service.

In a security release, Sonicwall's developers list three vulnerabilities. In the Connect Tunnel Client for Windows of the appliances from the SMA1000 series, malicious actors with standard rights can delete any folders and files. This allows them to extend their rights in the system (CVE-2024-45316, CVSS 7.8, risk"high"). The cause is insufficient resolution of links before accessing files ("link following").

Further security vulnerabilities in SMA1000

In the connect tunnel client of the SMA1000 appliances, another "link following" vulnerability allows users with standard rights to create arbitrary files and folders and thus trigger a denial of service (CVE-2024-45315, CVSS 6.1, medium).

Videos by heise

Due to a so-called server-side request forgery (SSRF), attackers from the network can cause the server-side app to make requests to IP addresses that are not actually desired without prior authentication (CVE-2024-45317, CVSS 7.2, high). This enables further attacks and often also unauthorized access to network areas that are actually protected.

Sonicwall provides updated software and firmware to close the security gaps. Vulnerable are SMA1000 Connect Tunnel for Windows in both 32- and 64-bit versions up to and including version 12.4.3.271 and SMA1000 Appliance Firmware up to and including 12.4.3-02676. Connect Tunnel 12.4.3.281 as well as SMA1000 Platform Hotfix 12.4.3-02758 and newer versions plug the security leaks. They are available for download on the Sonicwall user portal. Sonicwall offers the 32-bit and 64-bit versions of the Connect Tunnel software as a direct download.

Sonicwall strongly recommends SSLVPN SMA1000 and Connect Tunnel users to install the corrected versions. The company is also keen to point out that the SMA100 series and Linux and macOS versions of the Connect Tunnel software are not affected.

Read also

In September, criminals actively attacked security vulnerabilities in Soicwalls and the associated SSL VPN. The attacked vulnerability was previously classified as a critical risk by the company's developers.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten