CVE-2024-40763
Published: 05 December 2024
Summary
CVE-2024-40763 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Sonicwall Sma 200 Firmware. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 6.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A heap-based buffer overflow vulnerability exists in the SonicWall SMA100 SSLVPN product, stemming from unsafe use of the strcpy function. The flaw is tracked as CVE-2024-40763 and carries a CVSS 3.1 score of 7.5, reflecting network attack vectors that require low privileges but high attack complexity.
Remote authenticated attackers can trigger the overflow to achieve arbitrary code execution on the affected appliance. The EPSS score has remained flat at 0.1078 with no material increase since disclosure. The vendor advisory is available at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38806
Vulnerability details
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.