CVE-2024-22396
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SonicWall | SonicOS | 7.0.1-5145 and earlier versions | affected |
| SonicWall | SonicOS | 7.1.1-7047 and earlier versions | affected |
| SonicWall | SonicOS | 6.5.4.13-105n and earlier versions | affected |
| SonicWall | SonicOS | 6.5.4.4-44v-21-2340 and earlier versions | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.