Vulnerability in Sonicwall Sonicos

CVE-2024-12806

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

EPSS: 0.001 (31.5th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sonicos — versions 6.5.4.15-117n and older versions, 7.0.1-5161 and older version, 7.1.2-7019

Weakness classification (CWE)

CWE-37

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004 (vendor-advisory)

Frequently asked questions

What is CVE-2024-12806?: CVE-2024-12806 is a vulnerability in Sonicwall Sonicos, classified under CWE-37. Published 2025-01-09.
Is CVE-2024-12806 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.