SonicWall releases security update to address four vulnerabilities in SonicOS

Threat ID:CC-4601

Threat Severity:Medium

Published:8 January 2025 3:20 PM

Summary

Affected platforms

The following platforms are known to be affected:

SonicWall SonicOS

Generation 6 Hardware Firewalls: version 6.5.4.15-117n and earlier

Generation 7 Firewalls, NSv, and Cloud platform NSv: version 7.0.1-5161 and earlier, version 7.1.1-7058 and earlier, version 7.1.2-7019

Generation 8: version 8.8.0-8035

The following platforms are also known to be affected:

Please see SonicWall security advisory SNWLID-2025-0003 for a full list of vulnerable products.

Threat details

Introduction

SonicWall has released a security advisory to address one critical severity vulnerability, two high severity vulnerabilities and one medium severity vulnerability in SonicOS. SonicWall appliances are security appliances that provide virtual private network (VPN) and 'next-gen' firewall capabilities.

Vulnerability Details

CVE-2024-53704 is an 'improper authentication' vulnerability with a CVSSv3 score of 9.8. If exploited, a remote attacker could bypass authentication mechanisms.

CVE-2024-40762 is a 'use of cryptographically weak pseudo-random number generator' vulnerability with a CVSSv3 score of 7.1. If exploited, an attacker could bypass authentication mechanisms.

CVE-2024-53706 is an 'improper privilege management' vulnerability with a CVSSv3 score of 7.8. If exploited, a local, authenticated attacker could elevate privileges to root and potentially execute arbitrary code.

CVE-2024-53705 is a 'server-side request forgery (SSRF)' vulnerability with a CVSSv3 score of 6.5. If exploited, a remote attacker could establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

Threat updates


10 Jan 2025	CVE Details Released by MITRE

Remediation advice

Affected organisations are strongly encouraged to review SonicWall security advisory SNWLID-2025-0003 and apply any relevant updates as soon as practicable.

Definitive source of threat updates

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

CVE Vulnerabilities

StatusPublished

CVE-2024-40762Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

StatusPublished

CVE-2024-53704An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

StatusPublished

CVE-2024-53705A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

StatusPublished

CVE-2024-53706A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

Last edited: 10 January 2025 11:02 am