
SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)

Summary

CVE-2024-29014 may allow an attacker to execute arbitrary code when processing an EPC Client update


Affected platforms

The following platforms are known to be affected:

Threat details

Public proof-of-concept available

A technical analysis and a proof-of-concept exploit have been released for CVE-2024-29014.


Introduction

SonicWall has released a security update addressing a vulnerability in the Windows (32-bit and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client. This vulnerability, tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update.

CVE-2024-29014 was originally assigned a CVSSv3 score of 7.1 but has since been reassessed to a CVSSv3 score of 8.8.

SonicWall report that NetExtender Linux versions and SonicWall firewall (SonicOS) products are not affected by this vulnerability.


Remediation advice

Affected organisations are strongly encouraged to review SonicWall Security Advisory SNWLID-2024-0011 and apply the relevant updates as soon as practicable.



Last edited: 27 November 2024 1:11 pm