Critical SonicWall SSL VPN Vulnerability Let Attackers Trigger DoS Attack
A critical vulnerability in SonicWall Gen7 firewall products could allow remote unauthenticated attackers to cause service disruptions through denial-of-service (DoS) attacks.
The format string vulnerability tracked as CVE-2025-40600 affects the SSL VPN interface of multiple SonicWall firewall models and has been assigned a CVSS v3 score of 5.9, indicating medium severity with high availability impact.
Key Takeaways
1. CVE-2025-40600 allows unauthenticated remote DoS attacks on SonicWall Gen7 firewall SSL VPN interfaces.
2. The flaw affects all Gen7 hardware and virtual firewalls running SonicOS 7.2.0-7015 and older versions.
3. Upgrade or disable SSL-VPN as a temporary workaround.
Overview of SSL VPN DoS Vulnerability
The security flaw, officially designated as SNWLID-2025-0013, stems from a Use of Externally-Controlled Format String vulnerability classified under CWE-134.
This type of vulnerability occurs when an application uses externally controlled format strings in printf-style functions, potentially allowing attackers to manipulate memory addresses and cause application crashes or service disruptions.
The vulnerability specifically targets the SonicOS SSL VPN interface, making it accessible to remote attackers without requiring authentication.
The CVSS vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H indicates that while the attack complexity is high, it can be executed over the network without user interaction, primarily impacting system availability rather than confidentiality or integrity.
Security researchers have identified a vulnerability that allows attackers to exploit format string weaknesses in the SSL VPN component, potentially leading to memory corruption and subsequent service crashes.
The attack vector requires no special privileges and can be executed remotely, making it particularly concerning for organizations relying on SonicWall firewalls for network security.
| Risk Factors | Details |
| --- | --- |
| Affected Products | Gen7 Hardware Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700; Gen7 Virtual Firewalls: NSv270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure); Vulnerable Versions: SonicOS 7.2.0-7015 and older |
| Impact | Denial of Service (DoS) |
| Exploit Prerequisites | Remote network access to SSL VPN interface |
| CVSS 3.1 Score | 5.9 (Medium) |
Affected Systems and Mitigation Strategies
The vulnerability impacts a comprehensive range of Gen7 hardware firewalls, including the TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, and NSsp 15700 models.
Gen7 virtual firewalls (NSv), including the NSv270, NSv470, and NSv870 variants across ESX, KVM, HYPER-V, AWS, and Azure platforms, are also affected.
Systems running SonicOS versions 7.2.0-7015 and older are vulnerable, while the 7.0.1 branch remains unaffected.
Importantly, SonicWall’s Gen6 and Gen8 firewalls, as well as SMA 1000 and SMA 100 series SSL VPN products, are not impacted by this vulnerability.
SonicWall has released fixed software version 7.3.0-7012 and higher to address this security issue.
For organizations unable to immediately update, SonicWall recommends disabling the SSL-VPN interface as a temporary workaround, noting that this vulnerability does not impact firewalls without SSL-VPN enabled.
Organizations should prioritize upgrading to the patched version to maintain both security and SSL VPN functionality.
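To turn the version ranges above into a fleet check, the following added example (not SonicWall's or the article's own code) classifies each firewall by SonicOS build and SSL-VPN state. The function names, hostnames and inventory rows are constructed for illustration, and it assumes Gen7 devices report a SonicOS 7.x version string of the form `7.2.0-7015`.

```python
import re

# Version boundaries taken from the article text.
LAST_VULNERABLE = (7, 2, 0, 7015)   # "7.2.0-7015 and older"
FIRST_FIXED = (7, 3, 0, 7012)       # "7.3.0-7012 and higher"
UNAFFECTED_BRANCH = (7, 0, 1)       # "the 7.0.1 branch remains unaffected"

_VERSION_RE = re.compile(r"^\s*(?:SonicOS\s+)?(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_sonicos(version):
    """Turn '7.2.0-7015' (optionally prefixed 'SonicOS ') into a 4-tuple of ints."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    return tuple(int(g) for g in m.groups())


def triage(version, sslvpn_enabled):
    """Classify one firewall against the CVE-2025-40600 ranges quoted above."""
    v = parse_sonicos(version)
    if v[0] != 7:
        # Assumption: only SonicOS 7.x is Gen7; Gen6/Gen8 are listed as not impacted.
        return "out of scope (not SonicOS 7.x)"
    if v[:3] == UNAFFECTED_BRANCH:
        return "not affected (7.0.1 branch)"
    if v >= FIRST_FIXED:
        return "fixed"
    if v > LAST_VULNERABLE:
        # Builds between the two published boundaries are not described on the page.
        return "unknown (check vendor advisory)"
    if not sslvpn_enabled:
        return "vulnerable build, not exposed (SSL-VPN disabled)"
    return "vulnerable (upgrade or disable SSL-VPN)"


# Constructed sample inventory: (hostname, SonicOS version, SSL-VPN enabled).
INVENTORY = [
    ("fw-branch-01", "7.2.0-7015", True),
    ("fw-branch-02", "7.1.3-7015", False),
    ("fw-hq-01", "SonicOS 7.3.0-7012", True),
    ("fw-lab-01", "7.0.1-5161", True),
]

if __name__ == "__main__":
    for host, version, sslvpn in INVENTORY:
        print(f"{host:14} {version:20} {triage(version, sslvpn)}")
```

Builds that fall between the last vulnerable and first fixed versions are reported as unknown rather than guessed, since the article gives no status for them.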