Multiple SonicWall VPN Vulnerabilities Let Attackers Bypass Authentication


A new security advisory has been released regarding several vulnerabilities in SonicWall’s SonicOS software, which could enable attackers to bypass authentication mechanisms.

These vulnerabilities affect a variety of SonicWall hardware products, potentially compromising network security.

Vulnerability Summary

The advisory highlights four significant vulnerabilities within the SonicOS framework:

  • CVE-2024-40762 concerns the use of a cryptographically weak pseudo-random number generator (PRNG) in the SSLVPN authentication token generator. In certain scenarios an attacker can predict authentication tokens, which can lead to an authentication bypass. The vulnerability has a CVSS score of 7.1 and is classified under CWE-338.
  • CVE-2024-53704 represents an improper authentication vulnerability within the SSLVPN mechanism. This flaw allows remote attackers to bypass authentication processes, posing a serious threat to network integrity. It has a CVSS score of 8.2 and falls under CWE-287.
  • CVE-2024-53705 relates to a server-side request forgery (SSRF) vulnerability found in the SSH management interface of SonicOS. This vulnerability permits remote attackers to establish TCP connections to arbitrary IP addresses on any port while a user is logged into the firewall. It is rated with a CVSS score of 6.5 and classified under CWE-918.
  • CVE-2024-53706 is a local privilege escalation vulnerability in the Gen7 SonicOS Cloud platform, affecting the AWS and Azure editions. It allows low-privileged, authenticated users to escalate their privileges to root, potentially leading to unauthorized code execution. It has a CVSS score of 7.8 and is categorized under CWE-269.
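
To illustrate the weakness class behind CVE-2024-40762 (CWE-338), the following added example, which is not from SonicWall or the advisory, contrasts a token drawn from a general-purpose PRNG with one drawn from the operating system's CSPRNG. The token size, the seed values and all function names are assumptions; the page does not describe how SonicOS generates its tokens.

```python
import math
import random
import secrets

TOKEN_BYTES = 16  # assumed token size for this illustration


def weak_token(rng: random.Random) -> str:
    """CWE-338 pattern: token taken from a general-purpose PRNG (Mersenne Twister)."""
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """Hardened form: token taken from the operating system's CSPRNG."""
    return secrets.token_hex(TOKEN_BYTES)


def replay_from_seed(seed: int, count: int) -> list[str]:
    """Rebuild the weak generator's output stream from its seed alone."""
    rng = random.Random(seed)
    return [weak_token(rng) for _ in range(count)]


def audit_weak_generator(seed: int, count: int = 5) -> bool:
    """True when every issued token is reproducible by anyone who knows the seed."""
    issuing_rng = random.Random(seed)
    issued = [weak_token(issuing_rng) for _ in range(count)]
    return issued == replay_from_seed(seed, count)


def effective_entropy_bits(seed_candidates: int, token_bytes: int = TOKEN_BYTES) -> float:
    """Unpredictability of a token is capped by the seed space, not the token length."""
    return min(math.log2(seed_candidates), float(token_bytes * 8))


if __name__ == "__main__":
    constructed_seed = 1_700_000_000  # constructed value standing in for a clock-derived seed
    print("weak tokens reproducible from seed:", audit_weak_generator(constructed_seed))
    # A seed known to lie within a one-hour window of second-resolution timestamps
    print("effective bits, weak generator: %.1f" % effective_entropy_bits(3600))
    print("token from CSPRNG:", strong_token(), "(128 bits from the OS)")
```

When reviewing token-issuing code, the question to answer is where the randomness comes from: a 128-bit token derived from a guessable seed carries only the seed's entropy.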

Affected Products

These vulnerabilities affect various models of SonicWall hardware firewalls and the Gen7 Cloud platform. The table below summarizes the relevant CVEs and affected versions:

CVE ID         | Affected Products                            | Fixed Version
CVE-2024-40762 | Gen6 and Gen7 Firewall series                | 7.0.1-5165 and higher
CVE-2024-53704 | Gen6 and Gen7 Firewall series                | 7.1.3-7015 and higher
CVE-2024-53705 | Gen6 and Gen7 Firewalls                      | 7.0.1-5165 and higher
CVE-2024-53706 | Gen7 Cloud NSv (AWS and Azure editions only) | 7.1.3-7015 and higher

SonicWall has not found any evidence of these vulnerabilities being exploited in the wild. However, the company strongly urges users to upgrade their SonicWall Firewall products to the latest patched versions available on the SonicWall website.

Additionally, users should limit access to SSLVPN and SSH management to trusted sources or disable these features if not in use. For further information on securing their systems, users can refer to SonicWall’s technical support.

By addressing these vulnerabilities swiftly, IT departments can better protect their networks against potential attacks, ensuring the integrity and confidentiality of their data.
