- SonicWall is mailing IT admins, warning them about a high-severity vulnerability in its firewalls
- The bug is “susceptible to actual exploitation” it said
- A patch is available, as well as a few mitigation measures
SonicWall has recently addressed a high-severity vulnerability in its firewalls which is “susceptible to actual exploitation.” The company has since started notifying IT admins, urging them to apply the fix immediately and secure their endpoints.
Citing a few Reddit users who were contacted by SonicWall, BleepingComputer said the vulnerability is an authentication bypass in SSL VPN and SSH management, tracked as CVE-2024-53704.
It has a severity score of 8.2 (high) and impacts multiple generation six and generation seven firewalls, powered by SonicOS 6.5.4.15-117n and older and 7.0.1-5161 and older.
Three more flaws
“We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware, which will be web-posted tomorrow, Jan 7th, 2025,” SonicWall apparently said in the email.
“The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.”
For those running Gen 6 or 6.5 hardware firewalls, SonicOS 6.5.5.1-6n or newer is the firmware they should update to, while Gen 6 / 6.5 NSv firewalls need to look for SonicOS 6.5.4.v-21s-RC2457 or newer. Finally, TZ80 users need at least SonicOS 8.0.0-8037.
In the same patch, the company fixed three additional flaws (CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706), which allow for authentication bypassing, remote code execution, and more.
Those that are unable to install the patch immediately should at least apply the mitigations SonicWall suggested in the security advisory, which include limiting access to trusted sources, or disabling SSLVPN access from the Internet.
To minimize the potential impact of an SSH vulnerability, SonicWall suggests restricting firewall management to trusted sources as well, and disabling firewall SSH management from the internet.
Via BleepingComputer