SonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication.The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit.”We have identified a high (severity) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware,” SonicWall wrote.The bug, tracked as CVE-2024-53704, has been patched in a firmware upgrade available since Jan. 7, which also sealed other, less-critical vulnerabilities. SonicWall’s network security appliances use the SonicOS SSLVPN to enable secure remote access to internal network resources over the internet.With a CVSS score of 8.2/10, the vulnerability impacts a number of Gen6 and Gen7 firewalls. The fixed versions include SonicOS 6.5.5.1-6n or newer for hardware firewalls, SonicOS 6.5.4.v-21s-RC2457 or newer for NSv firewalls, and SonicOS 7.0.1-5165 or newer for Gen 7 firewalls.”To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet,” SonicWall said in a security advisory.It encouraged customers to download the latest firmware versions from mysonicwall.com.
Upgrade patched other non-critical bugs
SonicWall disclosed patching a set of other bugs in the upgrade targeted at CVE-2024-53704. These include CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706.CVE-2024-40762 (CVSS 7.1/10) stems from the use of cryptographically weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that can allow their prediction by attackers resulting in authentication bypass.Another vulnerability (CVE-2024-53706) in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only) can allow “root” level privilege escalation for remote attackers leading to arbitrary code execution. The bug has received a CVSS rating of 7.8/10.CVE-2024-53705 (CVSS 6.5/10) is a server-side request forgery vulnerability in the SonicOS SSH management interface allowing remote attackers to establish malicious TCP connections.None of these vulnerabilities are known to have had exploits in the wild yet. SonicWall credited their discovery to Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3706518/sonicwall-firewall-hit-with-critical-authentication-bypass-vulnerability.html
