
Cybersecurity Threat Advisory

SonicWall disclosed three critical vulnerabilities affecting the SonicOS firmware. These flaws include an authentication bypass affecting the SSL VPN and SSH management interfaces, which can give attackers unauthorized access upon successful exploitation. Continue reading this Cybersecurity Threat Advisory for more information on how to mitigate the risk of these vulnerabilities.

What is the threat?

The three critical vulnerabilities are:

  • CVE-2024-40762: A weakness in the pseudo-random number generator used for SSL VPN authentication tokens, potentially allowing attackers to predict and bypass authentication mechanisms.
  • CVE-2024-53705: A server-side request forgery (SSRF) vulnerability in the SSH management interface permits authenticated attackers to initiate arbitrary TCP connections to other IPs and ports.
  • CVE-2024-53706: A privilege escalation vulnerability that affects Gen7 SonicOS Cloud NSv (AWS and Azure), potentially leading to remote code execution.

These vulnerabilities can be exploited remotely, enabling attackers to infiltrate and compromise critical systems, leading to data theft, operational disruptions, and further internal breaches.

Why is it noteworthy?

The critical nature of these vulnerabilities makes them a priority for organizations using SonicWall firewalls. The authentication bypass can be exploited to access sensitive resources remotely. SonicWall’s advisory emphasizes the immediate need to update to prevent potential breaches or malicious activity.

What is the exposure or risk?

Organizations using the affected SonicWall firewalls face heightened risks of unauthorized access, privilege escalation, and even remote code execution. The following SonicOS versions are affected:

  • Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1 and prior.
  • Gen 6 / 6.5 NSv firewalls: 6.5.4.15-117n and older versions.
  • Gen 7 firewalls: SonicOS 7.0.x (7.0.1-5161 and older versions).
  • TZ80: SonicOS 8.0.0-8035
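
The version ranges above can be checked against a firewall inventory with a short script. The following Python is an added example, not part of the original advisory or of any SonicWall tooling; the family keys and the inventory entries are constructed for illustration, and the ranges encode only what this advisory lists.

```python
import re

# Affected ranges exactly as listed in this advisory; family keys are labels
# made up for this example. "max" = that version and older, "exact" = only it.
AFFECTED = {
    "gen6_hw":  ("max",   "6.5.5.1"),        # page gives no build number
    "gen6_nsv": ("max",   "6.5.4.15-117n"),
    "gen7":     ("max",   "7.0.1-5161"),     # applies to the 7.0.x train only
    "tz80":     ("exact", "8.0.0-8035"),
}
_VERSION = re.compile(r"^(\d+(?:\.\d+)+)(?:-(\d+)[A-Za-z]?)?$")

def parse(version):
    """'6.5.4.15-117n' -> ((6, 5, 4, 15), 117); build is None if absent."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    dotted = tuple(int(p) for p in m.group(1).split("."))
    return dotted, int(m.group(2)) if m.group(2) else None

def is_listed_affected(family, version):
    """True if `version` falls in the range this advisory lists for `family`."""
    kind, bound = AFFECTED[family]
    (dotted, build), (b_dotted, b_build) = parse(version), parse(bound)
    if kind == "exact":
        return (dotted, build) == (b_dotted, b_build)
    if family == "gen7" and dotted[:2] != (7, 0):
        return False  # releases outside 7.0.x are not in the page's list
    if dotted != b_dotted:
        return dotted < b_dotted
    # Same dotted release: compare builds. A missing build on either side is
    # treated as affected so the device gets a manual check.
    if build is None or b_build is None:
        return True
    return build <= b_build

def triage(inventory):
    """Return the hostnames whose (family, version) is in a listed range."""
    return [h for h, fam, ver in inventory if is_listed_affected(fam, ver)]

# Constructed inventory for illustration: (hostname, family, running firmware)
INVENTORY = [
    ("fw-hq",     "gen7",     "7.0.1-5145"),
    ("fw-branch", "gen7",     "7.0.1-5165"),
    ("fw-lab",    "gen6_nsv", "6.5.4.15-117n"),
    ("fw-kiosk",  "tz80",     "8.0.0-8037"),
]
if __name__ == "__main__":
    print(triage(INVENTORY))
```

A `False` result means only that the version is outside the ranges listed here; confirm the device's status against the vendor advisory before treating it as patched.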

What are the recommendations?

Barracuda recommends the following actions to mitigate these vulnerabilities:

  • Apply the recommended firmware updates immediately to secure your systems.
  • Limit SSL VPN and SSH management access to known and trusted sources. If these services are not essential, disable them altogether to reduce exposure.
  • Review logs regularly and analyze network traffic for unusual activities that could indicate exploitation attempts.
  • Strengthen authentication measures by implementing multi-factor authentication (MFA) for all remote access services.

Reference

For more in-depth information, please visit the following link:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.

 



Posted by Laila Mubashar

Laila is a Cybersecurity Analyst at Barracuda MSP. She's a security expert, working on our Blue Team within our Security Operations Center. Laila supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
