SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.”
SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability affects firewalls with SSL VPN or SSH management enabled and, according to the vendor, is “susceptible to actual exploitation.”
“We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware, which will be web-posted tomorrow, Jan 7th, 2025. The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.” reads the notification sent by the company to the customers via email.
“The list of all security advisories and the associated list of vulnerabilities is below. Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately.
All customers are encouraged to upgrade their firewalls to the latest MR listed below.”
Below are the fixed releases that address the vulnerabilities covered by the vendor’s advisory:
- Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
- Gen 6 / 6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
- Gen 7 firewalls: SonicOS 7.0.1-5165 or newer (7.0 release train); SonicOS 7.1.3-7015 or newer (7.1 release train)
- TZ80: SonicOS 8.0.0-8037 or newer
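The fixed-release list above has a trap for anyone checking an inventory by hand or with a naive "higher number wins" comparison: Gen 7 has two release trains, and a 7.1.x build with a higher build number than 7.0.1-5165 can still be below 7.1.3-7015 and therefore unpatched. The following script is an added example, not code from SonicWall or from the article: it parses the version formats that appear in the list, compares a running version only against the fixed build of its own major.minor train, and reports builds whose train is not listed as unknown rather than safe. The platform labels, the alphabetical ordering of hotfix letters, the treatment of a missing RC number, and the sample inventory are all my assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases exactly as listed in the advisory. The platform keys are my own labels.
FIXED_RELEASES: Dict[str, List[str]] = {
    "gen6-hw":  ["6.5.5.1-6n"],
    "gen6-nsv": ["6.5.4.v-21s-RC2457"],
    "gen7":     ["7.0.1-5165", "7.1.3-7015"],
    "tz80":     ["8.0.0-8037"],
}

# Version shapes seen in the advisory: 7.0.1-5165, 6.5.5.1-6n, 6.5.4.v-21s-RC2457.
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:\.(?P<sub>\d+|v))?"              # fourth field on Gen 6 (number, or 'v' on NSv)
    r"-(?P<build>\d+)(?P<hotfix>[a-z]?)"  # build number plus optional hotfix letter
    r"(?:-RC(?P<rc>\d+))?$"               # release-candidate number on the NSv build
)

Key = Tuple[int, int, int, int, int, int, int]


def parse_version(version: str) -> Tuple[Tuple[int, int], Key]:
    """Split a SonicOS version string into (branch, sortable key).

    branch is (major, minor) so that 7.0.x and 7.1.x are compared only against
    the fixed build of their own release train. Assumptions (not from the
    advisory): hotfix letters sort alphabetically, and a missing fourth field,
    hotfix letter or RC number counts as 0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    g = m.groupdict()
    sub = 0 if g["sub"] in (None, "v") else int(g["sub"])
    hotfix = (ord(g["hotfix"]) - ord("a") + 1) if g["hotfix"] else 0
    rc = int(g["rc"]) if g["rc"] else 0
    key: Key = (int(g["major"]), int(g["minor"]), int(g["patch"]),
                sub, int(g["build"]), hotfix, rc)
    return (key[0], key[1]), key


def is_patched(platform: str, running: str) -> Optional[bool]:
    """True if `running` is at or above the fixed release of its own branch,
    False if below it, None if the advisory lists no fixed build for that branch
    (treat None as 'unknown, confirm with the vendor', never as safe)."""
    branch, key = parse_version(running)
    for fixed in FIXED_RELEASES[platform]:
        fixed_branch, fixed_key = parse_version(fixed)
        if fixed_branch == branch:
            return key >= fixed_key
    return None


def audit(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Classify each (hostname, platform, running_version) entry."""
    labels = {True: "PATCHED", False: "VULNERABLE", None: "UNKNOWN-BRANCH"}
    return [(host, labels[is_patched(platform, version)])
            for host, platform, version in inventory]


# Constructed sample inventory: hostnames and running versions are invented for the demo.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "gen7",     "7.1.2-7019"),          # build number above 5165, still below 7.1.3-7015
    ("fw-branch-02", "gen7",     "7.0.1-5165"),          # exactly the fixed 7.0 build
    ("fw-hq-01",     "gen7",     "7.1.3-7015"),
    ("fw-lab-01",    "gen7",     "7.2.0-7000"),          # no fixed build listed for a 7.2 train
    ("fw-legacy-01", "gen6-hw",  "6.5.4.15-116n"),       # 6.5.4.x is below 6.5.5.1-6n
    ("nsv-dc-01",    "gen6-nsv", "6.5.4.v-21s-RC2457"),
    ("tz80-shop-01", "tz80",     "8.0.0-8036"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

Feed it the output of your own asset inventory instead of `SAMPLE_INVENTORY`; anything reported as UNKNOWN-BRANCH or rejected by `parse_version` should be resolved against the vendor advisory, not assumed patched.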
The vendor also provided the following mitigation:
“To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.” reads the advisory published by the company in the workaround section. “To minimize the potential impact of an SSH vulnerability, we recommend restricting firewall management to trusted sources or disabling firewall SSH management from Internet access.”
(SecurityAffairs – hacking, SonicOS)