SonicWall urges admins to patch exploitable SSLVPN bug immediately

SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.”

In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation.

“We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware, which will be web-posted tomorrow, Jan 7th, 2025,” warns a SonicWall email sent to customers.

“The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.”

A SonicWall security bulletin tracks this flaw as CVE-2024-53704 (CVSS v3.0 score: 8.2, “high”), stating it impacts multiple generation six and generation seven firewalls, running 6.5.4.15-117n and older and 7.0.1-5161 and older versions.

Impacted users are recommended to upgrade to the following versions to address the security risk:

• Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
• Gen 6 / 6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
• Gen 7 firewalls: SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
• TZ80: SonicOS 8.0.0-8037 or newer

The same bulletin lists three more medium to high-severity issues summarized as follows:

CVE-2024-40762 – A cryptographically weak pseudo-random number generator (PRNG) is used in the SSL VPN authentication token generator, potentially allowing an attacker to predict tokens and bypass authentication in certain cases.

CVE-2024-53705 – A server-side request forgery (SSRF) vulnerability in the SonicOS SSH management interface enables a remote attacker to establish TCP connections to arbitrary IP addresses and ports, provided the attacker is logged into the firewall.

CVE-2024-53706 – A flaw in the Gen7 SonicOS Cloud NSv (specific to AWS and Azure editions) allows a low-privileged, authenticated attacker to escalate privileges to root, potentially enabling code execution.

SonicWall also lists some mitigations for the SSLVPN vulnerabilities, including limiting access to trusted sources and restricting access from the internet entirely if not needed.

To mitigate SSH flaws, administrators are recommended to restrict firewall SSH management access and consider disabling access from the internet.