CVE-2024-12805
Published: 09 January 2025
Summary
CVE-2024-12805 is a high-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in Sonicwall (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Deeper analysis
CVE-2024-12805 is a post-authentication format string vulnerability (CWE-134) in the SonicOS management interface of SonicWall firewalls. Published on January 9, 2025, it enables a remote attacker to crash the firewall and potentially achieve code execution. The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Exploitation requires high privileges (PR:H), targeting authenticated administrative users with network access to the management interface. An attacker can remotely trigger the format string flaw with low attack complexity and no user interaction, resulting in a denial-of-service condition by crashing the firewall. Successful exploitation may escalate to arbitrary code execution within the management component.
SonicWall has published details on the vulnerability, including mitigation guidance, in PSIRT advisory SNWLID-2025-0004 at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51118
Vulnerability details
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Post-auth RCE/DoS via format string flaw in internet-facing SonicOS management interface directly enables T1190 (public app exploitation) and T1068 (privilege escalation to code execution).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the CVE by requiring timely identification, reporting, and patching of the known format string flaw in the SonicOS management interface.
Requires validation of post-authentication inputs to the management interface, directly preventing format string exploitation attempts.
Mandates secure error and exception handling to avoid crashes or information disclosure from malformed format strings in the management component.