CVE-2024-29012

7.5 HIGH

📋 TL;DR

A stack-based buffer overflow in the SonicOS HTTP server allows an authenticated remote attacker to cause a Denial of Service (DoS) via improper bounds checking in its use of the sscanf function. This affects SonicWall firewall devices running vulnerable SonicOS versions. Valid authentication credentials are required to trigger the vulnerability.
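The bug class named above, as an added illustration in C: an unbounded `%s` conversion beside a width-limited parse that rejects over-long input. This is not SonicOS code and not taken from the advisory; the `user` parameter, the 31-byte limit and the function name are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 31            /* assumed limit; buffer is FIELD_MAX + 1 bytes */
#define STR2(x) #x
#define STR(x)  STR2(x)         /* turns FIELD_MAX into the literal "31" */

/* Unsafe pattern, shown for contrast only and never compiled here:
 *     char name[32];
 *     sscanf(query, "user=%s", name);
 * "%s" carries no width, so sscanf keeps copying until whitespace and a
 * long parameter value runs past the end of the stack buffer.
 */

/* Hardened parse of a hypothetical "user=<value>" query parameter.
 * Returns 0 and fills out on success, -1 on malformed or over-long input. */
int parse_user_param(const char *query, char *out, size_t out_size)
{
    char name[FIELD_MAX + 1];
    int consumed = 0;

    if (query == NULL || out == NULL || out_size < sizeof name)
        return -1;

    /* The width caps the copy at FIELD_MAX bytes; %n records where it stopped. */
    if (sscanf(query, "user=%" STR(FIELD_MAX) "[^&]%n", name, &consumed) != 1)
        return -1;

    /* Anything other than end-of-string or '&' here means the value was cut
     * short by the width, so reject it rather than accept a truncated value. */
    if (query[consumed] != '\0' && query[consumed] != '&')
        return -1;

    memcpy(out, name, strlen(name) + 1);
    return 0;
}

int main(void)
{
    char out[FIELD_MAX + 1];
    char big[256];                       /* constructed over-long input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "user=", 5);
    printf("short: %d\n", parse_user_param("user=admin&lang=en", out, sizeof out));
    printf("long:  %d\n", parse_user_param(big, out, sizeof out));
    return 0;
}
```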

💻 Affected Systems

Products:
  • SonicWall firewalls with SonicOS
Versions: Specific versions not detailed in provided references; check SonicWall advisory for exact affected versions
Operating Systems: SonicOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to HTTP management interface; default configurations with web management enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash requiring a physical reboot, potential for remote code execution if the exploit is chained with other vulnerabilities, and extended service disruption.

🟠 Likely Case

Denial of Service causing a firewall reboot and interrupted network connectivity until the system restarts automatically or is restarted manually.

🟢 If Mitigated

Minimal impact with proper network segmentation and authentication controls limiting attack surface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access; buffer overflow via sscanf suggests straightforward exploitation once authentication is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SonicWall advisory SNWLID-2024-0008 for specific patched versions

Vendor Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008

Restart Required: Yes

Instructions:

1. Log into SonicWall management interface.
2. Navigate to System > Settings > Firmware & Backups.
3. Download latest firmware from SonicWall support portal.
4. Upload and install firmware update.
5. Reboot device after installation completes.

🔧 Temporary Workarounds

Disable HTTP management interface

all

Disable HTTP access to management interface to prevent exploitation via this vector.

Navigate to System > Administration > Management via: HTTPS only

Restrict management access

all

Limit management interface access to trusted IP addresses only.

Navigate to Firewall > Access Rules: Add rule restricting management IPs

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate firewall management interfaces
  • Enforce strong authentication policies and monitor for suspicious login attempts

🔍 How to Verify

Check if Vulnerable:

Check SonicOS version in System > Status > System Summary; compare with SonicWall advisory for affected versions.

Check Version:

Show via CLI: show version

Verify Fix Applied:

Verify firmware version after update matches patched version listed in SonicWall advisory.

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication failures followed by HTTP requests with malformed parameters
  • System log entries indicating unexpected reboots or crashes

Network Indicators:

  • Unusual HTTP traffic patterns to management interface on port 80/443
  • Traffic spikes from authenticated sources

SIEM Query:

source="sonicwall" AND (event_type="system_reboot" OR http_request CONTAINS "sscanf")
