SonicWall urges admins to patch exploitable SSLVPN bug immediately

SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that's “susceptible to actual exploitation.”

In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation.

“We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware, which will be web-posted tomorrow, Jan 7th, 2025,” warns a SonicWall email sent to customers.

“The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.”

A SonicWall security bulletin tracks this flaw as CVE-2024-53704 (CVSS v3.0 rating: 8.2, “high”), stating it impacts a number of generation six and generation seven firewalls running 6.5.4.15-117n and older and 7.0.1-5161 and older versions.

Impacted customers are recommended to upgrade to the following versions to address the security risk:

  • Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
  • Gen 6 / 6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
  • Gen 7 firewalls: SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
  • TZ80: SonicOS 8.0.0-8037 or newer

The same bulletin lists three additional medium to high-severity issues, summarized as follows:

CVE-2024-40762 – A cryptographically weak pseudo-random number generator (PRNG) is used in the SSL VPN authentication token generator, potentially allowing an attacker to predict tokens and bypass authentication in certain circumstances.

CVE-2024-53705 – A server-side request forgery (SSRF) vulnerability in the SonicOS SSH management interface allows a remote attacker to establish TCP connections to arbitrary IP addresses and ports, provided the attacker is logged into the firewall.

CVE-2024-53706 – A flaw in the Gen7 SonicOS Cloud NSv (specific to AWS and Azure editions) allows a low-privileged, authenticated attacker to escalate privileges to root, potentially enabling code execution.

SonicWall also lists some mitigations for the SSLVPN vulnerabilities, including limiting access to trusted sources and restricting access from the internet entirely if not needed.

To mitigate the SSH flaws, administrators are recommended to restrict firewall SSH management access and consider disabling access from the internet.
