Zero-day vulnerability in Sonicwall SSL VPN is attacked

Sonicwall has announced updates to close actively attacked vulnerabilities in SonicOS. The SSL VPN and SSH management are affected.

Access points and switches are attacked by a criminal

(Image: created with AI in Bing Designer by heise online / dmk)


Sonicwall has informed its customers in emails that updates for the firewalls will be released on Tuesday of this week. Among other things, they will close a security gap that is already being attacked in the wild in the SonicOS SSL VPN. However, they are not yet available at the time of reporting.

A Sonicwall customer has published the email on Reddit. We have also received corresponding reader information with excerpts from the email text. According to this, a security vulnerability in Sonicwall firewalls is currently being exploited against customers who have activated SSL VPN or SSH management. Updating to the latest firmware, which is due to be released on January 7, will close the vulnerability.

A screenshot shows a table with four vulnerability entries that the SNWLID-2025-0003 update is intended to fix. It has not yet been published, but will appear here according to the usual naming convention. The vulnerability currently under attack is apparently an authentication bypass in SonicOS SSLVPN; however, the manufacturer does not provide any details (CVE-2024-53704, CVSS 8.2, risk “high”). Due to a cryptographically weak pseudo-random number generator used by the SonicOS SSLVPN authentication token generator, the tokens can be predicted in some cases and authentication can also be bypassed (CVE-2024-40762, CVSS 7.1, high).


There is also a privilege escalation vulnerability to “root” in the Gen7 SonicOS Cloud NSv SSH Config functions (CVE-2024-53706, CVSS 7.8, high). Finally, there is a vulnerability in SSH management that enables server-side request forgery (SSRF). It allows attackers from the network to make TCP connections to an IP address on any port, provided the user is logged into the firewall (CVE-2024-53705, CVSS 6.5, medium).

The upcoming updates to SonicOS 6.5.5.1-6n (Gen 6 / 6.5 hardware firewalls), SonicOS 6.5.4.v-21s-RC2457 (Gen 6 / 6.5 NSv firewalls), SonicOS 7.0.1-5165 or 7.1.3-7015 (Gen7 firewalls) and SonicOS 8.0.0-8037 (TZ80) or newer versions will plug the security leaks.
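For admins who want to check an inventory against the fixed releases listed above, here is an added example; it is not code from heise or Sonicwall. It assumes firmware strings of the form `A.B.C[.D]-<build>[suffix]`, that "or newer" means a higher version or build within the same release branch, and it uses constructed hostnames and running versions.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
# Assumption: "or newer" means a higher dotted version or build number
# within the same branch; unknown branches are sent to manual review.
FIXED = {
    (6, 5): "6.5.5.1-6n",   # Gen 6 / 6.5 hardware firewalls
    (7, 0): "7.0.1-5165",   # Gen7 firewalls
    (7, 1): "7.1.3-7015",   # Gen7 firewalls
    (8, 0): "8.0.0-8037",   # TZ80
}
# The NSv release string is not purely numeric, so it is matched exactly.
FIXED_EXACT = {"6.5.4.v-21s-RC2457"}

def parse(version):
    """Split 'A.B.C[.D]-<build>[suffix]' into ((A, B, ...), build) or None."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)-(\d+)[A-Za-z]*", version.strip())
    if m is None:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def status(version):
    """Return 'patched', 'update' or 'review' for one firmware string."""
    if version.strip() in FIXED_EXACT:
        return "patched"
    parsed = parse(version)
    if parsed is None:
        return "review"          # unknown format: check by hand
    fixed = FIXED.get(parsed[0][:2])
    if fixed is None:
        return "review"          # branch not mentioned in the article
    return "patched" if parsed >= parse(fixed) else "update"

# Constructed inventory: hostnames and running versions are made up.
INVENTORY = {
    "fw-branch-01": "7.0.1-5161",
    "fw-branch-02": "7.1.3-7015",
    "fw-hq-01": "6.5.4.15-117n",
    "fw-lab-nsv": "6.5.4.v-21s-RC2457",
    "fw-tz80": "8.0.0-8035",
}

def audit(inventory):
    """Map each host to its patch status."""
    return {host: status(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:14} {INVENTORY[host]:22} {result}")
```

Hosts reported as `review` run a branch or version format the article does not cover and need to be checked against the vendor advisory by hand.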

Admins most recently had to take action in September of last year to plug actively attacked security gaps in Sonicwall firewalls. Here, too, the SSL VPN function was particularly affected.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.