CVE-2024-45319

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

History

04 Nov 2025, 17:09

Type	Values Removed	Values Added
First Time		Sonicwall sma 210 Firmware Sonicwall sma 400 Sonicwall sma 210 Sonicwall sma 200 Sonicwall sma 410 Firmware Sonicwall sma 500v Firmware Sonicwall sma 500v Sonicwall Sonicwall sma 410 Sonicwall sma 400 Firmware Sonicwall sma 200 Firmware
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 - Vendor Advisory
CPE		cpe:2.3:o:sonicwall:sma_210_firmware:::::::: cpe:2.3:h:sonicwall:sma_210:-:::::::* cpe:2.3:o:sonicwall:sma_500v_firmware:::::::: cpe:2.3:h:sonicwall:sma_410:-:::::::* cpe:2.3:o:sonicwall:sma_200_firmware:::::::: cpe:2.3:h:sonicwall:sma_200:-:::::::* cpe:2.3:h:sonicwall:sma_500v:-:::::::* cpe:2.3:o:sonicwall:sma_410_firmware:::::::: cpe:2.3:o:sonicwall:sma_400_firmware:::::::: cpe:2.3:h:sonicwall:sma_400:-:::::::*
Summary		(es) Una vulnerabilidad en el firmware SonicWall SMA100 SSLVPN 10.2.1.13-72sv y versiones anteriores permite que un atacante autenticado remoto pueda eludir el requisito del certificado durante la autenticación.

05 Dec 2024, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.3

05 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-05 14:15

Updated : 2025-11-04 17:09

NVD link : CVE-2024-45319

Mitre link : CVE-2024-45319

CVE.ORG link : CVE-2024-45319

JSON object : View

Products Affected

sonicwall

sma_400
sma_200_firmware
sma_400_firmware
sma_500v_firmware
sma_210
sma_210_firmware
sma_200
sma_410
sma_410_firmware
sma_500v

CWE

CWE-798

Use of Hard-coded Credentials

6.3 /10