VDB

CISA-2024-40765

CISA-2024-40765 PUBLISHED CVSS 9.8 CRITICAL

Reported by sonicwall · Published January 9, 2025

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SonicWallSonicOS6.5.4.4-44v-21-2395 and older versions, 7.0.1-5151 and older versions, 7.1.1-7051 and older versions
SonicWallSonicOS6.5.4.4-44v-21-2395 and older versions, 7.0.1-5151 and older versions, 7.1.1-7051 and older versions

Timeline

  • Jan 9, 2025 CVE Published
  • Jan 9, 2025 CVE Updated

References

  • vendor-advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›