CVE-2024-29014
published 2024-07-18CVE-2024-29014: Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when…
PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.86%
76.6th percentile
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | netextender | < 10.2.341 | 10.2.341 |
| sonicwall | netextender | — | — |
| sonicwall | netextender | — | — |
| sonicwall | sma | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gg23-w2rg-qj4q: Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10
ghsa_unreviewed·2024-07-18
CVE-2024-29014 [HIGH] CWE-94 GHSA-gg23-w2rg-qj4q: Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10
Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
SonicWall
CVE-2024-29014: Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execut
vendor_sonicwall·2024-07-18·CVSS 8.8
CVE-2024-29014 [HIGH] CWE-94 CVE-2024-29014: Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execut
CVE-2024-29014: Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
Suricata
ET WEB_SPECIFIC_APPS SonicWall NetExtender for Windows EPC Client Update RCE Attempt (CVE-2024-29014)
suricata·2024-11-26·CVSS 8.8
CVE-2024-29014 [HIGH] ET WEB_SPECIFIC_APPS SonicWall NetExtender for Windows EPC Client Update RCE Attempt (CVE-2024-29014)
ET WEB_SPECIFIC_APPS SonicWall NetExtender for Windows EPC Client Update RCE Attempt (CVE-2024-29014)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SonicWall NetExtender for Windows EPC Client Update RCE Attempt (CVE-2024-29014)"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"sonicwallconnectagent|3a 2f 2f|"; fast_pattern; base64_decode:bytes 152, offset 0, relative; base64_data; content:"|22|action|22 3a |10|2c 22|helperversion|22 3a 22|"; content:"|22|host|22 3a|"; distance:0; content:"|22|port|22 3a 22|443|22 2c 22|username|22 3a 22|"; distance:0; content:"|22|extendid|22 3a|"; distance:0; reference:url,blog.amberwolf.com/blog/2024/november/sonicwall-netextender-for-windows---rce-as-system-via-epc-client-update-cve-2024-2
No public exploits indexed.
2024-07-18
Published