What is CVE-2024-29014?

CVE-2024-29014 is a vulnerability in Sonicwall Netextender, classified under Code Injection. Published 2024-07-18.

Is CVE-2024-29014 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Sonicwall Netextender

CVE-2024-29014

Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.012 (79.4th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.2.339 and earlier versions

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

AmberWolfCyber/NachoVPN
fkie-cad/nvd-json-data-feeds

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011 (vendor-advisory)

Frequently asked questions

What is CVE-2024-29014?: CVE-2024-29014 is a vulnerability in Sonicwall Netextender, classified under Code Injection. Published 2024-07-18.
Is CVE-2024-29014 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.