Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Sonicwall
  • Nsa 2700
  • Nsa 3700
  • Nsa 4700
  • Nsa 5700
  • Nsa 6700
  • Nssp 10700
  • Nssp 11700
  • Nssp 13700
  • Nsv 270
  • Nsv 470
  • Nsv 870
  • Sonicos
  • Tz270
  • Tz270w
  • Tz370
  • Tz370w
  • Tz470
  • Tz470w
  • Tz570
  • Tz570p
  • Tz570w
  • Tz670

Configuration 1 [-]

AND
OR cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008 cve-icon cve-icon cve-icon
History

Mon, 19 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall
Sonicwall nsa 2700
Sonicwall nsa 3700
Sonicwall nsa 4700
Sonicwall nsa 5700
Sonicwall nsa 6700
Sonicwall nssp 10700
Sonicwall nssp 11700
Sonicwall nssp 13700
Sonicwall nsv 270
Sonicwall nsv 470
Sonicwall nsv 870
Sonicwall sonicos
Sonicwall tz270
Sonicwall tz270w
Sonicwall tz370
Sonicwall tz370w
Sonicwall tz470
Sonicwall tz470w
Sonicwall tz570
Sonicwall tz570p
Sonicwall tz570w
Sonicwall tz670
Weaknesses CWE-787
CPEs cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Vendors & Products Sonicwall
Sonicwall nsa 2700
Sonicwall nsa 3700
Sonicwall nsa 4700
Sonicwall nsa 5700
Sonicwall nsa 6700
Sonicwall nssp 10700
Sonicwall nssp 11700
Sonicwall nssp 13700
Sonicwall nsv 270
Sonicwall nsv 470
Sonicwall nsv 870
Sonicwall sonicos
Sonicwall tz270
Sonicwall tz270w
Sonicwall tz370
Sonicwall tz370w
Sonicwall tz470
Sonicwall tz470w
Sonicwall tz570
Sonicwall tz570p
Sonicwall tz570w
Sonicwall tz670
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2024-06-20T08:11:10.318Z

Updated: 2024-08-02T01:03:51.511Z

Reserved: 2024-03-14T03:29:41.180Z

Link: CVE-2024-29012

cve-icon Vulnrichment

Updated: 2024-08-02T01:03:51.511Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-20T09:15:11.347

Modified: 2024-08-19T19:34:59.167

Link: CVE-2024-29012

cve-icon Redhat

No data.