SonicWall SonicOS Privilege Escalation (CVE-2024-53706) (SNWLID-2025-0003)

🗓️ 06 Mar 2025 00:00:00Reported by TenableType

SonicWall SonicOS has a privilege escalation vulnerability allowing local attackers to gain root access.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-53706	7 Jan 202512:38	–	circl
CNNVD	SonicWALL Gen7 SonicOS Cloud platform NSv 安全漏洞	9 Jan 202500:00	–	cnnvd
CVE	CVE-2024-53706	9 Jan 202507:05	–	cve
Cvelist	CVE-2024-53706	9 Jan 202507:05	–	cvelist
EUVD	EUVD-2024-52039	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SonicWall SonicOS	18 Feb 202508:09	–	ncsc
NVD	CVE-2024-53706	9 Jan 202507:15	–	nvd
Positive Technologies	PT-2025-1012 · Sonicwall · Gen7 Sonicos Cloud Platform Nsv	7 Jan 202500:00	–	ptsecurity
SonicWall	SonicOS Affected By Multiple Vulnerabilities	7 Jan 202516:56	–	sonicwall
The Hacker News	Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers	9 Jan 202517:29	–	thn

Source	Link
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(232200);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/06");

  script_cve_id("CVE-2024-53706");

  script_name(english:"SonicWall SonicOS Privilege Escalation (CVE-2024-53706) (SNWLID-2025-0003)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected
by a privilege escalation vulnerability. The vulnerability allows a remote authenticated local low-privileged attacker
to elevate privileges to 'root' and potentially lead to code execution.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in the vendor security advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-53706");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sonicwall:sonicos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sonicwall_sonicos_installed.nbin");
  script_require_keys("installed_sw/SonicWall SonicOS");

  exit(0);
}

include('vcf_extras.inc');

var app_info = vcf::get_app_info(app:'SonicWall SonicOS');

# Only AWS and Azure editions are vulnerable
# Unable to make that distinction
if (report_paranoia < 2)
  audit(AUDIT_POTENTIAL_VULN, 'SonicWall SonicOS', app_info.display_version);

var gen7_vuln_models = [
  'NSv 270',
  'NSv 470',
  'NSv 870'
];

var constraints = [
  { 'min_version':'7.1.0',  'max_version':'7.1.2',  'fixed_display':'7.1.3-7015', 'models':gen7_vuln_models },
  { 'equal':'7.1.3', 'ext':'7015',                  'fixed_display':'7.1.3-7015', 'models':gen7_vuln_models },
];

vcf::sonicwall_sonicos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

06 Mar 2025 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 3.17.8

EPSS0.00655

SSVC