SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)


SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client.

This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of 7.1 but has since been reassessed as a CVSSv3 score of 8.8. SonicWall report that NetExtender Linux versions and SonicWall firewall (SonicOS) products are not affected by vulnerability.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication

    May 30, 2017

    What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn’t it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google’s ...

  • Yahoo Retires ImageMagick After Exploit Leaks Email Content

    May 22, 2017

    Yahoo is once more at the center of a security scandal after an ImageMagick library exploit was found leaking user email content. The discovery was made by security researcher Chris Evans, who demonstrated the exploit, showing just how easy it was to break Yahoo’s system to trigger email information leaks. Yahoo has since retired the use of ...

  • Cisco Finally Patches 0-Day Exploit Disclosed In Wikileaks-CIA Leak

    May 10, 2017

    Cisco Systems has finally released an update for its IOS and IOS XE software to address a critical vulnerability, disclosed nearly two months back in the CIA Vault 7 leak, that affects more than 300 of its switch models. The company identified the vulnerability in its product while analyzing “Vault 7” dump — thousands of documents ...

  • ‘Crazy bad’ bug in Microsoft’s Windows malware scanner can be used to install malware

    May 9, 2017

    Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond’s anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center ...

  • Are Cross-Protocol Attacks The Next Big Cybersecurity Danger?

    May 8, 2017

    In the digital world we live in, technologies are rapidly evolving. Cyber threats are not lagging behind. While developers build more and more complex programs, hackers find new, smarter ways to attack. New threats can break connections that were considered highly secure until recently. One specific and recent example are the so-called cross–protocol attacks. They make it ...

  • Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs

    May 8, 2017

    That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password.  As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT ...