SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)


SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client.

This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of 7.1 but has since been reassessed as a CVSSv3 score of 8.8. SonicWall report that NetExtender Linux versions and SonicWall firewall (SonicOS) products are not affected by vulnerability.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • ChatGPT API vulnerability could enable large-scale DDoS attacks

    January 21, 2025

    A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub. According to Flesch, the flaw lies in the ...

  • Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS

    January 17, 2025

    QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper ...

  • Mercedes-Benz Head Unit security research report

    January 17, 2025

    This report covers the research of the Mercedes-Benz Head Unit, which was made by Kaspersky team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). The researchers performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab. Their report is a good starting point for diving deep into the MBUX ...

  • Threat Brief: CVE-2025-0282 and CVE-2025-0283

    January 16, 2025

    On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. This threat brief provides attack details that we observed in a recent incident response engagement to provide actionable intelligence to the community. These details can be used to further detect current ...

  • Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches

    January 16, 2025

    The prolific Clop ransomware gang has named dozens of corporate victims it claims to have hacked in recent weeks after exploiting a vulnerability ​​in several popular enterprise file transfer products developed by U.S. software company Cleo. In a post on its dark web leak site, seen by TechCrunch, the Russia-linked Clop gang listed 59 organizations it ...

  • Hackers are exploiting a new Fortinet firewall bug to breach company networks

    January 14, 2025

    Security researchers say malicious hackers have been exploiting a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks. In an advisory published Tuesday, security product maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewalls, tracked as CVE-2024-55591, is “being exploited in the wild.” Fortinet made patches available, but security researchers ...