Rewterz

LockBit Ransomware Admin Found and Sanctioned by US, UK, Australian Authorities

May 8, 2024
Rewterz

ROOTROT Webshell Used by Chinese Threat Actors in MITRE Network Intrusion

May 8, 2024

Multiple SonicWall GMS Virtual Appliance Zero-Day Vulnerability

Severity

High

Analysis Summary

CVE-2024-29010 CVSS:7.1

SonicWALL GMS Virtual Appliance could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations in the ECMPolicyRequest class. By sending a specially crafted XML content, a remote attacker could exploit this vulnerability to obtain sensitive information in the context of root.

CVE-2024-29011 CVSS:7.5

SonicWALL GMS Virtual Appliance could allow a remote attacker to bypass security restrictions, caused by the use of hardcoded credential in the ECMClientAuthenticator class. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication on the system.

Impact

  • Information Disclosure
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2024-29010
  • CVE-2024-29011

Affected Vendors

Sonicwall

Affected Products

  • SonicWall GMS 9.3.4

Remediation

Refer to SonicWall Security Advisory for patch, upgrade or suggested workaround information.

SonicWall Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.