CVE-2024-45316
📋 TL;DR
This vulnerability in SonicWall Connect Tunnel allows standard users to delete arbitrary files and folders through improper link resolution, potentially enabling local privilege escalation. It affects Windows clients running version 12.4.3.271 or earlier. Attackers could exploit this to gain elevated privileges on affected systems.
💻 Affected Systems
- SonicWall Connect Tunnel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, data destruction, or persistence establishment.
Likely Case
Standard users deleting critical system files causing service disruption or data loss.
If Mitigated
Limited impact if proper file permissions and user privilege separation are enforced.
🎯 Exploit Status
Requires local access with standard user privileges; exploitation likely involves symbolic link manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.4.3.272 or later
Vendor Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017
Restart Required: Yes
Instructions:
1. Download the latest SonicWall Connect Tunnel client from the official portal.
2. Uninstall the current version.
3. Install updated version 12.4.3.272 or later.
4. Restart the system.
🔧 Temporary Workarounds
Restrict user privileges
Windows: Limit standard users' ability to create symbolic links or access sensitive directories.
Use Group Policy to restrict SeCreateSymbolicLinkPrivilege
Implement strict file system permissions
🧯 If You Can't Patch
- Remove SonicWall Connect Tunnel from non-essential systems
- Implement strict user privilege separation and monitor for suspicious file deletion activities
🔍 How to Verify
Check if Vulnerable:
Check SonicWall Connect Tunnel version in Windows Programs and Features; if version is 12.4.3.271 or earlier, system is vulnerable.
Check Version:
wmic product where "name like 'SonicWall Connect Tunnel%'" get version
Verify Fix Applied:
Verify installed version is 12.4.3.272 or later in Programs and Features.
📡 Detection & Monitoring
Log Indicators:
- Unexpected file/folder deletion events in Windows Event Logs
- SonicWall Connect Tunnel service errors
Network Indicators:
- Unusual VPN connection patterns if tunnel is affected
SIEM Query:
(EventID=4663 OR EventID=4656) AND ObjectName contains a sensitive path AND ProcessName contains 'SonicWall'
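The query above written as a filter over exported Security events, as an added example that is not from the advisory or from SonicWall. It assumes events exported as records with the standard 4656/4663 fields (`ObjectName`, `ProcessName`, `AccessMask`); the sensitive-path list, the process path and the sample records are constructed for illustration.

```python
from pathlib import PureWindowsPath

DELETE = 0x10000                   # DELETE bit in the event's AccessMask field
WATCHED_EVENT_IDS = {4656, 4663}   # the two event IDs named in the query above
# Assumption: which directories count as "sensitive"; adjust per environment.
SENSITIVE_ROOTS = [PureWindowsPath(p) for p in
                   (r"C:\Windows", r"C:\Program Files", r"C:\ProgramData")]

def is_under(path, root):
    """True if path is root or below it (component-wise, case-insensitive)."""
    p = PureWindowsPath(path)
    return p == root or root in p.parents

def suspicious_deletes(events, process_marker="sonicwall"):
    """Return events where a matching process requested or used DELETE
    access on an object under a sensitive root."""
    hits = []
    for ev in events:
        if ev.get("EventID") not in WATCHED_EVENT_IDS:
            continue
        if process_marker not in ev.get("ProcessName", "").lower():
            continue
        try:
            mask = int(ev.get("AccessMask", "0"), 16)   # logged as e.g. "0x10000"
        except ValueError:
            continue                                    # malformed record, skip
        if mask & DELETE and any(is_under(ev.get("ObjectName", ""), r)
                                 for r in SENSITIVE_ROOTS):
            hits.append(ev)
    return hits

# Constructed sample records (not real logs); the process path is hypothetical.
SVC = r"C:\Program Files\SonicWall\Example\tunnel-service.exe"
SAMPLE_EVENTS = [
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x10000",
     "ObjectName": r"C:\Windows\System32\drivers\example.sys"},
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x1",
     "ObjectName": r"C:\Windows\System32\drivers\example.sys"},
    {"EventID": 4656, "ProcessName": SVC, "AccessMask": "0x110080",
     "ObjectName": r"c:\programdata\Example\config.dat"},
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x10000",
     "ObjectName": r"C:\Program Files (x86)\Example\readme.txt"},
    {"EventID": 4663, "ProcessName": r"C:\Windows\explorer.exe",
     "AccessMask": "0x10000", "ObjectName": r"C:\Windows\Temp\old.tmp"},
]

if __name__ == "__main__":
    for hit in suspicious_deletes(SAMPLE_EVENTS):
        print(hit["EventID"], hit["ObjectName"])
```

Events 4656 and 4663 are only written when object-access auditing is enabled and the watched directories carry an audit SACL, so confirm both before relying on this filter.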