We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Security Advisory

Important Security Alert: SonicWall Issues Patch for SSL-VPN Vulnerabilities 

SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.

The flaw, identified as CVE-2024-53704, poses a significant security risk, allowing attackers to exploit the system remotely. Administrators are strongly encouraged to update their systems immediately to mitigate potential threats. SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.

Key Details:

  • The vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems.
  • It impacts SonicWall’s SSL-VPN products, widely used for secure remote access.
  • Exploitation of this bug could lead to severe consequences, including unauthorized access to sensitive data, network infiltration, and system compromise.

Summary 

OEM SonicWall 
Severity High 
CVSS 8.2 
CVEs CVE-2024-53704 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

The security flaw, tracked as CVE-2024-53704, presents a serious risk, enabling remote exploitation by attackers. Administrators are highly advised to apply the necessary patches without delay to protect against potential threats.  

Vulnerability Name CVE ID Product Affected Severity Affected Version 
Improper Authentication CVE-2024-53704 SonicWall  High 7.1.x (7.1.1-7058 and older), 7.1.2-7019 
8.0.0-8035 
A privilege escalation vulnerability CVE-2024-53706 SonicWall High  7.1.x (7.1.1-7058 and older), 7.1.2-7019 
A weakness in the SSLVPN authentication token generator CVE-2024-40762 SonicWall High  7.1.x (7.1.1-7058 and older), 7.1.2-7019 
A server-side request forgery (SSRF) vulnerability CVE-2024-53705 SonicWall Medium 6.5.4.15-117n and older 
7.0.x (7.0.1-5161 and older) 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2024-53704  Gen7 Firewalls, Gen7 NSv, TZ80 An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.  Bypass authentication 
 CVE-2024-53706  Gen7 Cloud Platform NSv A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.  Allow attackers to gain root privileges and potentially execute code. 
  CVE-2024-40762  Gen7 Firewalls, Gen7 NSv, TZ80 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. Weak PRNG in authentication tokens can lead to authentication bypass in SSLVPN. 
 CVE-2024-53705  Gen6 Hardware Firewalls, Gen7 Firewalls, Gen7 NSv A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. Allow attackers to establish TCP connections to arbitrary IP addresses and ports 

Remediation

  • Update: Impacted users are recommended to upgrade to the following versions to address the security risk: 
 Firewalls Versions Fixes and Releases 
Gen 6 / 6.5 hardware firewalls SonicOS 6.5.5.1-6n or newer 
Gen 6 / 6.5 NSv firewalls SonicOS 6.5.4.v-21s-RC2457 or newer 
Gen 7 firewalls SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher 
TZ80: SonicOS SonicOS 8.0.0-8037 or newer 

Recommendations: 

  • Patch Without Delay: Install the latest firmware update from SonicWall to resolve this vulnerability. Detailed instructions are available in SonicWall’s official advisory. 
  • Monitor Network Activity: Regularly monitor network traffic for signs of suspicious or unauthorized access. 
  • Limit Access: Restrict VPN access to trusted users and enforce Multi-Factor Authentication (MFA) for all accounts. 
  • Stay Updated: Subscribe to SonicWall’s security alerts and updates to stay informed about upcoming vulnerabilities. 

References: 

Tags: