9.8критическая
CVE-2024-22394
Описание
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.
This issue affects only firmware version SonicOS 7.1.1-7040.
Затрагиваемое ПО
Sonicwall SonicosSonicwall Nsa 2700Sonicwall Nsa 3700Sonicwall Nsa 4700Sonicwall Nsa 5700Sonicwall Nsa 6700Sonicwall Nssp 10700Sonicwall Nssp 11700Sonicwall Nssp 13700Sonicwall Nsv 270Sonicwall Nsv 470Sonicwall Nsv 870Sonicwall T2270Sonicwall Tz270wSonicwall Tz370Sonicwall Tz370wSonicwall Tz470Sonicwall Tz470wSonicwall Tz570Sonicwall Tz570pSonicwall Tz570wSonicwall Tz670
CVSS
| Балл | 9.8 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003