Article Details
Scrape Timestamp (UTC): 2025-01-08 19:17:01.475
Original Article Text
Click to Toggle View
SonicWall urges admins to patch exploitable SSLVPN bug immediately. SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation." In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation. "We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware, which will be web-posted tomorrow, Jan 7th, 2025," warns a SonicWall email sent to customers. "The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities." A SonicWall security bulletin tracks this flaw as CVE-2024-53704 (CVSS v3.0 score: 8.2, "high"), stating it impacts multiple generation six and generation seven firewalls, running 6.5.4.15-117n and older and 7.0.1-5161 and older versions. Impacted users are recommended to upgrade to the following versions to address the security risk: The same bulletin lists three more medium to high-severity issues summarized as follows: CVE-2024-40762 – A cryptographically weak pseudo-random number generator (PRNG) is used in the SSL VPN authentication token generator, potentially allowing an attacker to predict tokens and bypass authentication in certain cases. CVE-2024-53705 – A server-side request forgery (SSRF) vulnerability in the SonicOS SSH management interface enables a remote attacker to establish TCP connections to arbitrary IP addresses and ports, provided the attacker is logged into the firewall. CVE-2024-53706 – A flaw in the Gen7 SonicOS Cloud NSv (specific to AWS and Azure editions) allows a low-privileged, authenticated attacker to escalate privileges to root, potentially enabling code execution. SonicWall also lists some mitigations for the SSLVPN vulnerabilities, including limiting access to trusted sources and restricting access from the internet entirely if not needed. To mitigate SSH flaws, administrators are recommended to restrict firewall SSH management access and consider disabling access from the internet.
Daily Brief Summary
SonicWall has issued an urgent advisory to customers to upgrade SonicOS firmware due to a critical authentication bypass vulnerability in its SSL VPN and SSH management services.
The vulnerability is tracked as CVE-2024-53704 with a high severity rating of 8.2, impacting generation six and seven firewalls.
The flaw allows for potential exploitation, posing significant security risks if not promptly mitigated by installing the updated firmware.
Additional vulnerabilities addressed include a weak PRNG in SSL VPN authentication, an SSRF vulnerability in the SSH interface, and a privilege escalation flaw specific to Gen7 SonicOS Cloud NSv in AWS and Azure environments.
SonicWall recommends restricting SSH management and SSL VPN access to trusted sources and, if possible, disabling internet access to these services as part of the mitigation strategies.
The company has made patches available as of January 6, 2025, and urges all affected customers to update immediately to safeguard their networks.
Administrators are advised to monitor for updates regularly and implement recommended security measures to reinforce firewall integrity.