- SonicWall sends IT administrators an email alerting them to a very serious vulnerability in its firewalls
- The bug is “susceptible to actual exploitation,” the report said
- A patch is available, as well as some mitigation measures
SonicWall recently addressed a very serious vulnerability in its firewalls that is “susceptible to actual exploitation.” The company has since started notifying IT administrators, urging them to apply the fix immediately and secure their endpoints.
Citing a few Reddit users whom SonicWall contacted, BleepingComputer said the vulnerability is an authentication bypass in SSL VPN and SSH management, tracked as CVE-2024-53704.
It has a severity score of 8.2 (high) and affects multiple generation six and seven firewalls powered by SonicOS 6.5.4.15-117n and older and 7.0.1-5161 and older.
Three more flaws
“We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation by customers with SSL VPN or SSH management enabled and that should be immediately addressed by upgrading to the latest firmware, which will be available on the Internet tomorrow to be posted, Jan 7th 2025,” SonicWall apparently said in the email.
“The same firmware upgrade includes fixes for additional, less critical vulnerabilities.”
For those using Gen 6 or 6.5 hardware firewalls, SonicOS 6.5.5.1-6n or newer is the firmware to update to, while Gen 6/6.5 NSv firewalls should look for SonicOS 6.5.4.v-21s-RC2457 or newer. Finally, TZ80 users will need at least SonicOS 8.0.0-8037.
In the same patch, the company fixed three additional flaws (CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706), which allow authentication bypass, remote code execution, and more.
Those who cannot immediately install the patch should at least apply the measures that SonicWall suggests in its security advisory, including restricting access to trusted resources or disabling SSLVPN access from the Internet.
To minimize the potential impact of an SSH vulnerability, SonicWall also suggests limiting firewall management to trusted sources and disabling SSH firewall management from the Internet.
Via BleepingComputer