SonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately
Summary:
SonicWall released a security bulletin on January 7, 2025, warning customers to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that SonicWall deemed susceptible to in-the-wild attacks. This vulnerability is being tracked as CVE-2024-53704 and impacts multiple generation six and generation seven firewalls, running 6.5.4.15-117n and older and 7.0.1-5161 and older versions. SonicWall recommends mitigating this vulnerability immediately by upgrading to the latest firmware version. In an email sent to SonicWall customers, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation. Ivanti has not witnessed any active exploitation as of the publishing of the security advisory. Impacted users are recommended to upgrade to the following versions to address the security risk:
This SonicWall bulletin lists three other medium to high-severity flaws, CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706. This recommendation to update SonicWall SSLVPN instances is published as a flaw in another SSLVPN product, Ivanti Connect Secure, is being actively exploited to install malware on appliances, according to Ivanti’s investigation. The vulnerability carries the moniker CVE-2025-0282 as well as a critical CVSS score of 9.0 and has been exploited as a zero-day. SSL VPNs are frequently used by organizations for secure access to internal networks and applications, especially due to the increase in remote work, emphasizing the need to prioritize prompt patch management for instances of these products.
Suggested Corrections:
Recommendations from SonicWall:
Link(s):
https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/
SonicWall released a security bulletin on January 7, 2025, warning customers to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that SonicWall deemed susceptible to in-the-wild attacks. This vulnerability is being tracked as CVE-2024-53704 and impacts multiple generation six and generation seven firewalls, running 6.5.4.15-117n and older and 7.0.1-5161 and older versions. SonicWall recommends mitigating this vulnerability immediately by upgrading to the latest firmware version. In an email sent to SonicWall customers, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation. Ivanti has not witnessed any active exploitation as of the publishing of the security advisory. Impacted users are recommended to upgrade to the following versions to address the security risk:
- Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
- Gen 6 / 6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
- Gen 7 firewalls: SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
- TZ80: SonicOS 8.0.0-8037 or newer
This SonicWall bulletin lists three other medium to high-severity flaws, CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706. This recommendation to update SonicWall SSLVPN instances is published as a flaw in another SSLVPN product, Ivanti Connect Secure, is being actively exploited to install malware on appliances, according to Ivanti’s investigation. The vulnerability carries the moniker CVE-2025-0282 as well as a critical CVSS score of 9.0 and has been exploited as a zero-day. SSL VPNs are frequently used by organizations for secure access to internal networks and applications, especially due to the increase in remote work, emphasizing the need to prioritize prompt patch management for instances of these products.
Suggested Corrections:
Recommendations from SonicWall:
- Apply the patch as soon as possible for impacted products, latest patch builds are available for download on mysonicwall.com.
- To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.
- To minimize the potential impact of an SSH vulnerability, we recommend restricting firewall management to trusted sources or disabling firewall SSH management from Internet access.
- For more information about disabling firewall SSH management access, see: how-can-i-restrict-SonicOS-admin-access.
- If you have any further questions on restricting/disabling SSH management or require additional information, please contact SonicWall Technical Support.
Link(s):
https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/