SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)
Summary
CVE-2024-29014 may allow an attacker to execute arbitrary code when processing an EPC Client update
Affected platforms
The following platforms are known to be affected:
Threat details
Public proof-of-concept available
A technical analysis and proof-of-concept exploit have been released for the vulnerability CVE-2024-29014.
Introduction
SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client. This vulnerability, tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update.
CVE-2024-29014 was originally assigned a CVSSv3 score of 7.1 but has since been reassessed with a CVSSv3 score of 8.8.
SonicWall report that NetExtender Linux versions and SonicWall firewall (SonicOS) products are not affected by this vulnerability.
Remediation advice
Affected organisations are strongly encouraged to review SonicWall Security Advisory SNWLID-2024-0011 and apply the relevant updates as soon as practicable.
Definitive source of threat updates
Last edited: 27 November 2024 1:11 pm