Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for Connect Tunnel by SonicWall

    CERTFR-2025-AVI-0327

    Vulnerability from certfr_avis - Published: 2025-04-17 - Updated: 2025-04-17

    Une vulnérabilité a été découverte dans SonicWall Connect Tunnel. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Sonicwall Connect Tunnel SonicWall Connect Tunnel Windows (32 et 64 bits) Client versions antérieures à 12.4.3.298
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "SonicWall Connect Tunnel Windows (32 et 64 bits) Client versions ant\u00e9rieures \u00e0 12.4.3.298",
          "product": {
            "name": "Connect Tunnel",
            "vendor": {
              "name": "Sonicwall",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-32817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32817"
        }
      ],
      "initial_release_date": "2025-04-17T00:00:00",
      "last_revision_date": "2025-04-17T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0327",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-04-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SonicWall Connect Tunnel. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans SonicWall Connect Tunnel",
      "vendor_advisories": [
        {
          "published_at": "2025-04-16",
          "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2025-0007",
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0007"
        }
      ]
    }

    CVE-2025-32817 (GCVE-0-2025-32817)

    Vulnerability from nvd – Published: 2025-04-16 19:10 – Updated: 2025-04-17 15:55
    VLAI
    Summary
    A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Connect Tunnel Affected: 12.4.3.283 and earlier versions
    Create a notification for this product.
    Date Public
    2025-04-16 07:04
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T20:13:03.098353Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T15:55:27.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "64 bit",
                "32 bit"
              ],
              "product": "Connect Tunnel",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.4.3.283 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2025-04-16T07:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption."
                }
              ],
              "value": "A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T19:10:57.562Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0007"
            }
          ],
          "source": {
            "advisory": "SNWLID-2025-0007",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2025-32817",
        "datePublished": "2025-04-16T19:10:57.562Z",
        "dateReserved": "2025-04-11T08:50:31.682Z",
        "dateUpdated": "2025-04-17T15:55:27.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45316 (GCVE-0-2024-45316)

    Vulnerability from nvd – Published: 2024-10-11 08:20 – Updated: 2024-10-11 15:38
    VLAI
    Summary
    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Connect Tunnel Affected: 12.4.3.271 and earlier versions
    Create a notification for this product.
    sonicwall connect_tunnel Affected: 0 , < 12.4.3.271 (custom)
        cpe:2.3:a:sonicwall:connect_tunnel:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-11 08:18
    Credits
    Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sonicwall:connect_tunnel:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "connect_tunnel",
                "vendor": "sonicwall",
                "versions": [
                  {
                    "lessThan": "12.4.3.271",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T15:35:14.195681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T15:38:20.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "Connect Tunnel",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.4.3.271 and earlier versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)"
            }
          ],
          "datePublic": "2024-10-11T08:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack."
                }
              ],
              "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-11T08:20:57.727Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017"
            }
          ],
          "source": {
            "advisory": "SNWLID-2024-0017",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2024-45316",
        "datePublished": "2024-10-11T08:20:57.727Z",
        "dateReserved": "2024-08-26T20:20:45.693Z",
        "dateUpdated": "2024-10-11T15:38:20.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45315 (GCVE-0-2024-45315)

    Vulnerability from nvd – Published: 2024-10-11 08:17 – Updated: 2024-11-01 15:59
    VLAI
    Summary
    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Connect Tunnel Affected: 12.4.3.271 and earlier versions
    Create a notification for this product.
    Date Public
    2024-10-11 07:59
    Credits
    Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T15:22:27.509378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T15:59:56.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "Connect Tunnel",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.4.3.271 and earlier versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)"
            }
          ],
          "datePublic": "2024-10-11T07:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack."
                }
              ],
              "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-11T08:17:13.448Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017"
            }
          ],
          "source": {
            "advisory": "SNWLID-2024-0017",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2024-45315",
        "datePublished": "2024-10-11T08:17:13.448Z",
        "dateReserved": "2024-08-26T20:20:45.693Z",
        "dateUpdated": "2024-11-01T15:59:56.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32817 (GCVE-0-2025-32817)

    Vulnerability from cvelistv5 – Published: 2025-04-16 19:10 – Updated: 2025-04-17 15:55
    VLAI
    Summary
    A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Connect Tunnel Affected: 12.4.3.283 and earlier versions
    Create a notification for this product.
    Date Public
    2025-04-16 07:04
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T20:13:03.098353Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T15:55:27.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "64 bit",
                "32 bit"
              ],
              "product": "Connect Tunnel",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.4.3.283 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2025-04-16T07:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption."
                }
              ],
              "value": "A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T19:10:57.562Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0007"
            }
          ],
          "source": {
            "advisory": "SNWLID-2025-0007",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2025-32817",
        "datePublished": "2025-04-16T19:10:57.562Z",
        "dateReserved": "2025-04-11T08:50:31.682Z",
        "dateUpdated": "2025-04-17T15:55:27.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45316 (GCVE-0-2024-45316)

    Vulnerability from cvelistv5 – Published: 2024-10-11 08:20 – Updated: 2024-10-11 15:38
    VLAI
    Summary
    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Connect Tunnel Affected: 12.4.3.271 and earlier versions
    Create a notification for this product.
    sonicwall connect_tunnel Affected: 0 , < 12.4.3.271 (custom)
        cpe:2.3:a:sonicwall:connect_tunnel:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-11 08:18
    Credits
    Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sonicwall:connect_tunnel:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "connect_tunnel",
                "vendor": "sonicwall",
                "versions": [
                  {
                    "lessThan": "12.4.3.271",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T15:35:14.195681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T15:38:20.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "Connect Tunnel",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.4.3.271 and earlier versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)"
            }
          ],
          "datePublic": "2024-10-11T08:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack."
                }
              ],
              "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-11T08:20:57.727Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017"
            }
          ],
          "source": {
            "advisory": "SNWLID-2024-0017",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2024-45316",
        "datePublished": "2024-10-11T08:20:57.727Z",
        "dateReserved": "2024-08-26T20:20:45.693Z",
        "dateUpdated": "2024-10-11T15:38:20.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45315 (GCVE-0-2024-45315)

    Vulnerability from cvelistv5 – Published: 2024-10-11 08:17 – Updated: 2024-11-01 15:59
    VLAI
    Summary
    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall Connect Tunnel Affected: 12.4.3.271 and earlier versions
    Create a notification for this product.
    Date Public
    2024-10-11 07:59
    Credits
    Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T15:22:27.509378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T15:59:56.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "Connect Tunnel",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.4.3.271 and earlier versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hashim Jawad (@ihack4falafel) through Trend Micro (Zero Day Initiative)"
            }
          ],
          "datePublic": "2024-10-11T07:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack."
                }
              ],
              "value": "The Improper link resolution before file access (\u0027Link Following\u0027) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-11T08:17:13.448Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017"
            }
          ],
          "source": {
            "advisory": "SNWLID-2024-0017",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2024-45315",
        "datePublished": "2024-10-11T08:17:13.448Z",
        "dateReserved": "2024-08-26T20:20:45.693Z",
        "dateUpdated": "2024-11-01T15:59:56.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }