Lucene search

SonicwallCVE-2024-29012

HistoryJun 20, 2024 - 9:15 a.m.

CVE-2024-29012

2024-06-2009:15:11

CWE-787

CWE-121

sonicwall

web.nvd.nist.gov

cve-2024-29012

denial of service

sonicos

http server

buffer overflow

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

Affected configurations

Nvd

Node

sonicwallsonicosRange<7.0.1-5161

sonicwallsonicosRange7.1.1–7.1.1-7058

sonicwallsonicosRange7.1.2–7.1.2-7019

AND

sonicwallnsa_2700Match-

sonicwallnsa_3700Match-

sonicwallnsa_4700Match-

sonicwallnsa_5700Match-

sonicwallnsa_6700Match-

sonicwallnssp_10700Match-

sonicwallnssp_11700Match-

sonicwallnssp_13700Match-

sonicwallnsv_270Match-

sonicwallnsv_470Match-

sonicwallnsv_870Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz670Match-

VendorProductVersionCPE
sonicwallsonicos*cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
sonicwallnsa_2700-cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
sonicwallnsa_3700-cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
sonicwallnsa_4700-cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
sonicwallnsa_5700-cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*
sonicwallnsa_6700-cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
sonicwallnssp_10700-cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*
sonicwallnssp_11700-cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*
sonicwallnssp_13700-cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*
sonicwallnsv_270-cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	sonicos	*	cpe:2.3:o:sonicwall:sonicos::::::::
sonicwall	nsa_2700	-	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
sonicwall	nsa_3700	-	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
sonicwall	nsa_4700	-	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
sonicwall	nsa_5700	-	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
sonicwall	nsa_6700	-	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
sonicwall	nssp_10700	-	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
sonicwall	nssp_11700	-	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
sonicwall	nssp_13700	-	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
sonicwall	nsv_270	-	cpe:2.3:h:sonicwall:nsv_270:-:::::::*

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Gen7"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.1.1-7051 and earlier versions"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-29012