CVE-2024-45317 | THREATINT

Description

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

PUBLISHED Reserved 2024-08-26 | Published 2024-10-11 | Updated 2025-03-22 | Assigner sonicwall

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status

unknown

12.4.3-02676 and earlier versions

affected

Credits

Wenjie Zhong (H4lo) of Webin DBappSecurity Co., Ltd. reporter

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 vendor-advisory

cve.org (CVE-2024-45317)

nvd.nist.gov (CVE-2024-45317)

Download JSON