Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

SonicWall Urges Admins to Act Swiftly in Response to Exploitable SSLVPN Bug



SonicWall has warned its customers of a critical security flaw in their firewalls that can be exploited by attackers. The company is urging admins to patch the bug immediately to prevent potential attacks and ensure network security. If you are impacted by this vulnerability, upgrade your firmware to the latest version as soon as possible.

  • SonicWall has issued an urgent warning about a security vulnerability (CVE-2024-53704) in their firewall's SSL VPN and SSH management systems.
  • The bug can be exploited and poses a significant threat to network security, prompting customers to patch it immediately.
  • Patches are available as of January 7th, 2025, and customers should install them without delay.
  • Impacted users need to upgrade their firmware to fix the vulnerability; specific versions vary by firewall model.
  • Additionally, three other medium to high-severity issues have been identified, including a cryptographically weak PRNG and SSRF vulnerabilities.
  • SonicWall advises administrators to restrict SSH management access and consider disabling internet access to mitigate these flaws.



    • SonicWall, a leading provider of network security solutions, has sounded the alarm for its customers by urging them to patch an exploitable bug in their firewall's SSL VPN and SSH management systems immediately. The company warns that this bug, identified as CVE-2024-53704, is susceptible to actual exploitation and poses a significant threat to network security.

    In an email sent to SonicWall customers and shared on Reddit, the firm states that the patches are available as of yesterday, January 7th, 2025, and all impacted customers should install them without delay to prevent potential attacks. The company emphasizes that while the bug is considered high-severity, it can be mitigated by upgrading to the latest firmware, which will also include mitigations for additional less-critical vulnerabilities.

    The SonicWall security bulletin tracks this flaw as CVE-2024-53704 and states that it impacts multiple generations of six and seven firewalls running 6.5.4.15-117n and older versions, as well as generation seven firewalls running 7.0.1-5161 and older versions. Impacted users are advised to upgrade their firmware to the following versions to address the security risk:

    Gen 6/6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
    Gen 6/6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
    Gen 7 firewalls: SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
    TZ80: SonicOS 8.0.0-8037 or newer

    The same bulletin lists three more medium to high-severity issues, including CVE-2024-40762, which involves a cryptographically weak pseudo-random number generator (PRNG) in the SSL VPN authentication token generator, potentially allowing an attacker to predict tokens and bypass authentication in certain cases. Another issue, CVE-2024-53705, is a server-side request forgery (SSRF) vulnerability in the SonicOS SSH management interface, which enables a remote attacker to establish TCP connections to arbitrary IP addresses and ports, provided they are logged into the firewall.

    The third issue listed by SonicWall, CVE-2024-53706, involves a flaw in the Gen7 SonicOS Cloud NSv (specific to AWS and Azure editions) that allows a low-privileged, authenticated attacker to escalate privileges to root, potentially enabling code execution. SonicWall also provides some mitigations for these vulnerabilities, including limiting access to trusted sources and restricting access from the internet entirely if not needed.

    To mitigate SSH flaws, administrators are advised to restrict firewall SSH management access and consider disabling access from the internet. This urgent notice highlights the importance of keeping network security solutions up-to-date with the latest firmware patches to prevent potential attacks.

    In conclusion, SonicWall's warning serves as a timely reminder for organizations that rely on their firewalls to take immediate action to patch this exploitable bug in their SSL VPN and SSH management systems. Failure to do so may result in unauthorized access, data breaches, or even code execution by malicious actors.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/

  • https://www.bleepingcomputer.com/news/security/sonicwall-strongly-urges-admins-to-patch-sslvpn-sma1000-bugs/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-53704

  • https://www.cvedetails.com/cve/CVE-2024-53704/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-40762

  • https://www.cvedetails.com/cve/CVE-2024-40762/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-53705

  • https://www.cvedetails.com/cve/CVE-2024-53705/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-53706

  • https://www.cvedetails.com/cve/CVE-2024-53706/


    • Published: Wed Jan 8 15:48:37 2025 by llama3.2 3B Q4_K_M


         


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us