Product Notice: SMA 1000 Series affected by Remote Code Execution in SSH vulnerability

First Published:07/30/2024 Last Updated:07/30/2024

 

Overview 

  • CVE-2024-6387: Remote Code Execution Vulnerability
    • CVSS Score: 8.1

SonicWall Secure Mobile Access 12.4.3, including earlier versions are installed with OpenSSH’s server (sshd).  A security regression was recently discovered which can lead sshd to handle some signals in an unsafe manner. 

Impact: Successfully leveraging CVE-2024-6387 against Secure Mobile Connect could result in an unauthenticated remote attacker gaining root access to the device.  It should be noted however, this vulnerability has only been verified against 32-bit systems.  While it may be theoretically possible to exploit a 64-bit system, it is much more difficult.  So much so that there has been no successful demonstration of this exploit against a 64-bit system thus far at the time of this article’s writing. 

IMPORTANT: SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.

Product Impact

Please review the table below to see the products and their versions that are impacted:

Impacted Product(s)

Impacted OS

Impacted Versions

SMA 1000 (all models)

Linux

12.4.3 and earlier versions

Mitigation

Because this vulnerability depends on an SSH session to exploit, SonicWall highly recommends disabling or restricting the IP addresses listed as Remote Hosts.  Disabling SSH entirely thus prevents any access to SSH and therefore fully mitigates this vulnerability.

See KB article: Enabling SSH Access from Remote Hosts

Remediation

Impacted Product(s)

Impacted OS

Impacted Versions

Fixed Version

SMA 1000 (all models)

Linux

12.4.3 and earlier versions

12.4.3-02676 (July Hotfix)

SonicWall strongly advises Secure Mobile Access customers to upgrade to the latest release version. 

Related information