SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)


SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client.

This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of 7.1 but has since been reassessed as a CVSSv3 score of 8.8. SonicWall report that NetExtender Linux versions and SonicWall firewall (SonicOS) products are not affected by vulnerability.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Exploitation of Critical Vulnerability CVE-2025-23006 in SonicWall SMA1000 Series Appliances

    January 23, 2025

    SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC). SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device ...

  • 7-Zip bug could allow a bypass of a Windows security feature – update now

    January 22, 2025

    A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...

  • ChatGPT API vulnerability could enable large-scale DDoS attacks

    January 21, 2025

    A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub. According to Flesch, the flaw lies in the ...

  • Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS

    January 17, 2025

    QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper ...

  • Mercedes-Benz Head Unit security research report

    January 17, 2025

    This report covers the research of the Mercedes-Benz Head Unit, which was made by Kaspersky team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). The researchers performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab. Their report is a good starting point for diving deep into the MBUX ...

  • Threat Brief: CVE-2025-0282 and CVE-2025-0283

    January 16, 2025

    On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. This threat brief provides attack details that we observed in a recent incident response engagement to provide actionable intelligence to the community. These details can be used to further detect current ...