SonicWall has released a critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
The flaw, identified as CVE-2024-53704, poses a significant security risk, allowing attackers to exploit the system remotely. Administrators are strongly encouraged to update their systems immediately to mitigate potential threats.
Key Details:
Summary
OEM | SonicWall |
Severity | High |
CVSS | 8.2 |
CVEs | CVE-2024-53704 |
Exploited in Wild | No |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
The security flaw, tracked as CVE-2024-53704, presents a serious risk, enabling remote exploitation by attackers. Administrators are highly advised to apply the necessary patches without delay to protect against potential threats.
Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
Improper Authentication | CVE-2024-53704 | SonicWall | High | 7.1.x (7.1.1-7058 and older), 7.1.2-7019, 8.0.0-8035 |
A privilege escalation vulnerability | CVE-2024-53706 | SonicWall | High | 7.1.x (7.1.1-7058 and older), 7.1.2-7019 |
A weakness in the SSLVPN authentication token generator | CVE-2024-40762 | SonicWall | High | 7.1.x (7.1.1-7058 and older), 7.1.2-7019 |
A server-side request forgery (SSRF) vulnerability | CVE-2024-53705 | SonicWall | Medium | 6.5.4.15-117n and older, 7.0.x (7.0.1-5161 and older) |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-53704 | Gen7 Firewalls, Gen7 NSv, TZ80 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | Bypass authentication |
CVE-2024-53706 | Gen7 Cloud Platform NSv | A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only) allows a remote, authenticated, local low-privileged attacker to elevate privileges to `root`, potentially leading to code execution. | Allows attackers to gain root privileges and potentially execute code. |
CVE-2024-40762 | Gen7 Firewalls, Gen7 NSv, TZ80 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | Weak PRNG in authentication tokens can lead to authentication bypass in SSLVPN. |
CVE-2024-53705 | Gen6 Hardware Firewalls, Gen7 Firewalls, Gen7 NSv | A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. | Allow attackers to establish TCP connections to arbitrary IP addresses and ports |
Remediation:
Firewall Versions | Fixes and Releases |
Gen 6 / 6.5 hardware firewalls | SonicOS 6.5.5.1-6n or newer |
Gen 6 / 6.5 NSv firewalls | SonicOS 6.5.4.v-21s-RC2457 or newer |
Gen 7 firewalls | SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher |
TZ80: SonicOS | SonicOS 8.0.0-8037 or newer |
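To check a firmware inventory against the fixed releases in the table above, the following added example (not SonicWall code and not part of the original advisory) parses SonicOS version strings and flags devices that are older than the fixed release of their branch. It assumes the branch can be inferred from the major.minor number alone; the function names and the sample inventory are constructed for illustration.

```python
import re

# Minimum fixed releases copied from the Remediation table above. Gen 6 / 6.5 NSv
# (6.5.4.v-21s-RC2457) is omitted: not purely numeric, so it ends up as "review".
FIXED = {
    "gen6-hw": "6.5.5.1-6n",
    "gen7-7.0": "7.0.1-5165",
    "gen7-7.1": "7.1.3-7015",
    "tz80": "8.0.0-8037",
}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)[a-z]?$")

def parse_version(text):
    """'6.5.4.15-117n' -> (6, 5, 4, 15, 117); raises ValueError otherwise."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2)),)

def branch_for(version):
    """Assumption: the release branch is inferred from major.minor alone."""
    major, minor = version[:2]
    if major == 7:
        return "gen7-7.0" if minor == 0 else "gen7-7.1"
    return {6: "gen6-hw", 8: "tz80"}.get(major)

def needs_upgrade(text):
    """True if older than the fixed release of its branch, None if unknown."""
    version = parse_version(text)
    branch = branch_for(version)
    if branch is None:
        return None
    return version < parse_version(FIXED[branch])

def audit(inventory):
    """Map (hostname, version) pairs to 'upgrade', 'ok' or 'review'."""
    labels = {True: "upgrade", False: "ok", None: "review"}
    results = []
    for host, version in inventory:
        try:
            results.append((host, version, labels[needs_upgrade(version)]))
        except ValueError:  # unparsable string: a human has to look at it
            results.append((host, version, "review"))
    return results

if __name__ == "__main__":
    # Constructed inventory: hostnames are made up, versions are from the tables.
    fleet = [("fw-a", "7.1.1-7058"), ("fw-b", "7.0.1-5165"), ("fw-c", "8.0.0-8035")]
    print(audit(fleet))
```

A 6.5.x version number alone does not tell hardware from NSv, so Gen 6 results should be confirmed against the device model before acting on them.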
Recommendations: