CVE-2024-29014

Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sonicwallCNA
---
---
CISA-ADPADP
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
sonicwallnetextender
𝑥
< 10.2.341
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011