Description

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

PUBLISHED Reserved 2024-12-19 | Published 2025-01-09 | Updated 2025-01-17 | Assigner sonicwall

Problem types

CWE-134 Use of Externally-Controlled Format String

Product status

Default status: unknown

6.5.4.15-117n and older versions: affected

7.0.1-5161 and older versions: affected

7.1.2-7019: affected

8.0.0-8035: affected

Credits

Catalpa of DBappSecurity Co. Ltd. (finder)

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004 (vendor-advisory)

cve.org (CVE-2024-12805)

nvd.nist.gov (CVE-2024-12805)
