CVE-2024-40763

Severity: High
Published: 05 December 2024
Modified: 06 November 2025
KEV Added: not listed
Patch: no entry on this page (see vendor advisory in Deeper analysis)
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.1078 (93.5th percentile)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-40763 is a high-severity heap-based buffer overflow (CWE-122) in the firmware of SonicWall SMA100 series SSL-VPN appliances (SMA 200, 210, 400, 410 and 500v). Its CVSS v3.1 base score is 7.5 (High).

By exploit likelihood it ranks in the top 6.5% of all CVEs (EPSS 0.1078, 93.5th percentile); it is not currently listed in the CISA KEV catalog.

Deeper analysis

A heap-based buffer overflow exists in the SonicWall SMA100 SSL-VPN firmware, caused by an unchecked strcpy into a heap-allocated buffer: strcpy copies until the source's terminating NUL, so a source longer than the destination writes past the end of the allocation. The flaw is tracked as CVE-2024-40763 and carries a CVSS 3.1 score of 7.5. Its vector (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable flaw that needs only low-privileged credentials but high attack complexity, with full impact on confidentiality, integrity and availability if exploitation succeeds.

A remote attacker who already holds valid credentials can trigger the overflow and potentially execute arbitrary code on the affected appliance. The EPSS score has stayed flat at 0.1078 with no material increase since disclosure. The vendor advisory is SNWLID-2024-0018, available at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018.
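The following C program is an added illustration of the generic strcpy-into-heap-buffer pattern the advisory describes, placed next to a bounded replacement; it is not SonicWall's code, which is not on this page. The session_t layout, FIELD_MAX, the is_admin flag, the function names and the 35-byte input are all assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 32

/* Illustrative heap object (an assumption, not SonicWall's layout): a
 * fixed-size string field followed by a privilege flag that occupies the
 * bytes an overflow of `field` would overwrite. */
typedef struct {
    char field[FIELD_MAX];
    int  is_admin;
} session_t;

/* Returns 1 if strcpy(dst, src) would write past a dst of dst_size bytes.
 * strcpy copies strlen(src) bytes plus the terminating NUL, so the bug is
 * present whenever strlen(src) + 1 > dst_size. */
int strcpy_would_overflow(size_t dst_size, const char *src) {
    return strlen(src) + 1 > dst_size;
}

/* Vulnerable pattern (CWE-122): the copy is bounded only by the source. */
void set_field_unsafe(session_t *s, const char *src) {
    strcpy(s->field, src);
}

/* Hardened pattern: measure the source against the destination size,
 * reject input that will not fit together with its terminator, then copy
 * exactly the checked number of bytes. Returns 0 on success, -1 if rejected. */
int set_field_safe(session_t *s, const char *src) {
    size_t n = strnlen(src, FIELD_MAX);
    if (n >= FIELD_MAX) return -1;
    memcpy(s->field, src, n);
    s->field[n] = '\0';
    return 0;
}

/* Test hook: run the safe setter on a fresh heap session and report the
 * outcome: 0 = rejected and flag untouched, 1 = accepted with field intact
 * and flag untouched, 2 = flag or field corrupted (must never happen). */
int safe_setter_outcome(const char *src) {
    session_t *s = calloc(1, sizeof *s);
    if (!s) return -1;
    int rc = set_field_safe(s, src);
    int flag = s->is_admin;
    int field_ok = (rc == 0) && strcmp(s->field, src) == 0;
    free(s);
    if (rc != 0) return flag == 0 ? 0 : 2;
    return (flag == 0 && field_ok) ? 1 : 2;
}

int main(void) {
    /* Constructed attacker input: 35 'A's, longer than FIELD_MAX - 1 = 31.
     * With the NUL it is 36 bytes, exactly sizeof(session_t), so the
     * excess lands on is_admin rather than beyond the allocation. */
    char attacker[36];
    memset(attacker, 'A', 35);
    attacker[35] = '\0';

    printf("strcpy would overflow a %d-byte field: %d\n", FIELD_MAX,
           strcpy_would_overflow(FIELD_MAX, attacker));

    /* Unsafe path: bytes past field[31] overwrite is_admin. Writing past
     * the array bound is undefined behaviour; a _FORTIFY_SOURCE build may
     * abort here instead of printing the corrupted flag. */
    session_t *s = calloc(1, sizeof *s);
    if (!s) return 1;
    set_field_unsafe(s, attacker);
    printf("unsafe: is_admin = 0x%08x (was 0)\n", (unsigned)s->is_admin);
    free(s);

    /* Safe path: the same input is rejected and the flag stays 0. */
    printf("safe: outcome = %d (0 = rejected)\n", safe_setter_outcome(attacker));
    return 0;
}
```

The hardened setter bounds the length scan with strnlen so that an unterminated source cannot itself read out of bounds, and it rejects rather than truncates, because silent truncation of an attacker-controlled field is how strncpy-style "fixes" introduce new parsing bugs.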

Vulnerability details

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

CWE(s)

CWE-122: Heap-based Buffer Overflow

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor      Product             Affected versions
sonicwall   sma 200 firmware    ≤ 10.2.1.14-75sv
sonicwall   sma 210 firmware    ≤ 10.2.1.14-75sv
sonicwall   sma 400 firmware    ≤ 10.2.1.14-75sv
sonicwall   sma 410 firmware    ≤ 10.2.1.14-75sv
sonicwall   sma 500v firmware   ≤ 10.2.1.14-75sv

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE. Until it does, treat the vendor advisory SNWLID-2024-0018 as the authoritative source for fixed firmware; because exploitation requires valid low-privileged credentials (PR:L), limiting who holds SSL-VPN accounts and enforcing multi-factor authentication on them reduces exposure in the interim.