Sign-up

ID

VAR-202402-3290


CVE

CVE-2024-22395


TITLE

plural  SonicWALL  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-014110

DESCRIPTION

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-22395 // JVNDB: JVNDB-2024-014110

AFFECTED PRODUCTS

vendor:sonicwallmodel:sma 500vscope:ltversion:10.2.1.11-65sv

Trust: 1.0

vendor:sonicwallmodel:sma 400scope:ltversion:10.2.1.11-65sv

Trust: 1.0

vendor:sonicwallmodel:sma 410scope:ltversion:10.2.1.11-65sv

Trust: 1.0

vendor:sonicwallmodel:sma 200scope:ltversion:10.2.1.11-65sv

Trust: 1.0

vendor:sonicwallmodel:sma 210scope:ltversion:10.2.1.11-65sv

Trust: 1.0

vendor:sonicwallmodel:sma500vscope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma200scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma400scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma410scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma210scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-014110 // NVD: CVE-2024-22395

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@sonicwall.com: CVE-2024-22395
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-22395
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-22395
value: MEDIUM

Trust: 0.8

PSIRT@sonicwall.com: CVE-2024-22395
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: CVE-2024-22395
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-014110 // NVD: CVE-2024-22395 // NVD: CVE-2024-22395

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-014110 // NVD: CVE-2024-22395

EXTERNAL IDS

db:NVDid:CVE-2024-22395

Trust: 2.6

db:JVNDBid:JVNDB-2024-014110

Trust: 0.8

sources: JVNDB: JVNDB-2024-014110 // NVD: CVE-2024-22395

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2024-0001

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-22395

Trust: 0.8

sources: JVNDB: JVNDB-2024-014110 // NVD: CVE-2024-22395

SOURCES

db:JVNDBid:JVNDB-2024-014110
db:NVDid:CVE-2024-22395

LAST UPDATE DATE

2024-12-11T23:08:45.137000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-014110date:2024-12-06T07:50:00
db:NVDid:CVE-2024-22395date:2024-12-05T17:04:30.223

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-014110date:2024-12-06T00:00:00
db:NVDid:CVE-2024-22395date:2024-02-24T00:15:45.673