FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-45316

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Oct 11, 2024 / Updated: 39d ago

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-45316. See article

Oct 10, 2024 at 4:34 PM / CERT.at - Tagesberichte
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 10, 2024 at 4:42 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 11, 2024 at 8:33 AM
CVE Assignment

NVD published the first details for CVE-2024-45316

Oct 11, 2024 at 1:15 PM
CVSS

A CVSS base score of 7.8 has been assigned.

Oct 11, 2024 at 9:41 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 12, 2024 at 10:54 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (209662)

Oct 25, 2024 at 7:15 PM
Static CVE Timeline Graph

Affected Systems

Sonicwall
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

News

SonicWall Connect Tunnel Multiple Vulnerabilities (SNWLID-2024-0017)
Newest Plugins from Tenable / 25d
- The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. - The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
Multiple Vulnerabilities in SonicWall
In Progress Plugin Pipeline from Tenable / 33d
Development Last Updated: 10/17/2024 CVEs: CVE-2024-45315 , CVE-2024-45316
Security Bulletin 16 Oct 2024 - Cyber Security Agency of Singapore
Google Alert - NVD NIST cve / 34d
https:// nvd . nist .gov/vuln/detail/ CVE -2024-9985. CVE -2024-47875, DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML ...
Vulnerability in Sonicwall SMA1000 series allows privilege escalation | heise online
Google 快訊 - Security Vulnerability / 36d
In the connect tunnel client of the SMA1000 appliances, another "link following" vulnerability allows users with standard rights to create arbitrary files and folders and thus trigger a denial of service (CVE-2024-45315, CVSS 6.1, medium ). Sonicwall warns of security vulnerabilities in SSL VPN appliances of the SMA1000 series and the Connect Tunnel Client for Windows.
SonicWall Family October 2024 1st Security Update Advisory
Security Advisory 보관 - ASEC / 37d
For more information on Vulnerability Patches, Please refer to the “FIXED SOFTWARE” section of the product-specific Referenced Sites document. The following product-specific Vulnerability Patches were made available with the October 10, 2024 update.
See 14 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 7.8(51562)CWE-59(1181)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial