SonicWall has released critical security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws, discovered by security researchers Hashim Jawad and Wenjie Zhong, could allow attackers to launch denial-of-service attacks, escalate privileges, and execute arbitrary code on vulnerable systems. The vulnerabilities are detailed in a recent SonicWall security advisory.

The most severe vulnerability, CVE-2024-45316, carries a 7.8 CVSS score and is classified as a "Link Following Local Privilege Escalation Vulnerability." This flaw enables attackers with standard user privileges to delete arbitrary folders and files, potentially leading to complete system control.

Additionally, CVE-2024-45317, with a 7.2 CVSS score, is an "Unauthenticated SMA1000 12.4.x Server-Side Request Forgery (SSRF) Vulnerability" that exposes sensitive internal resources.

A third vulnerability, CVE-2024-45315, affects the Windows client of SonicWall Connect Tunnel, version 12.4.271 and earlier, allowing attackers to create arbitrary folders and files, potentially resulting in local denial-of-service attacks.

To mitigate these risks, SonicWall strongly advises upgrading the SMA1000 Connect Tunnel Windows client to version 12.4.3.281 or higher and applying the SMA1000 Platform Hotfix – 12.4.3-02758 to affected appliances. It's essential to note that SMA 100 series products, Connect Tunnel Linux clients, and Connect Tunnel Mac clients are not affected.

Although SonicWall hasn't observed active exploitation in the wild, prompt action is crucial to prevent potential attacks. By updating your systems now, you can safeguard against these critical vulnerabilities and protect your network from potential breaches.