Sonicwall
CVE-2024-45316
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (sonicwall) · only source for this CVE.
CVSS VectorVendor: sonicwall
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
AnalysisAI
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-59. The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. Version information: version 12.4.3.271.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerabili
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabi
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authenticatio
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerabili
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GM
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote at
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today