SonicWall disclosed three critical vulnerabilities affecting the SonicOS firmware. These flaws include an authentication bypass affecting the SSL VPN and SSH management interfaces, which can give attackers unauthorized access upon successful exploitation. Continue reading this Cybersecurity Threat Advisory for more information on how to mitigate the risk of these vulnerabilities.
What is the threat?
The three critical vulnerabilities are:
- CVE-2024-40762: A weakness in the pseudo-random number generator used for SSL VPN authentication tokens, potentially allowing attackers to predict and bypass authentication mechanisms.
- CVE-2024-53705: A server-side request forgery (SSRF) vulnerability in the SSH management interface permits authenticated attackers to initiate arbitrary TCP connections to other IPs and ports.
- CVE-2024-53706: A privilege escalation vulnerability that affects Gen7 SonicOS Cloud NSv (AWS and Azure), potentially leading to remote code execution.
These vulnerabilities can be exploited remotely, enabling attackers to infiltrate and compromise critical systems, leading to data theft, operational disruptions, and further internal breaches.
Why is it noteworthy?
The critical nature of these vulnerabilities makes them a priority for organizations using SonicWall firewalls. The authentication bypass can be exploited to access sensitive resources remotely. SonicWall’s advisory emphasizes the immediate need to update to prevent potential breaches or malicious activity.
What is the exposure or risk?
Organizations using the affected SonicWall firewalls face heightened risks of unauthorized access, privilege escalation, and even remote code execution. The following SonicOS versions are affected:
- Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1 and prior.
- Gen 6 / 6.5 NSv firewalls: 6.5.4.15-117n and older versions.
- Gen 7 firewalls: SonicOS 7.0.x (7.0.1-5161 and older versions).
- TZ80: SonicOS 8.0.0-8035.
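The version list above can be applied to a firewall inventory as a triage check. The Python below is an added example, not code from SonicWall or Barracuda; the platform labels, hostnames and inventory rows are constructed, and "not-listed" means only that the version falls outside the list in this advisory.

```python
import re
# Ceilings copied from the advisory's affected-version list. The platform
# labels (gen6-hw, ...) are assumptions made for this example.
AFFECTED = {
    "gen6-hw":  {"ceiling": "6.5.5.1"},                      # and prior
    "gen6-nsv": {"ceiling": "6.5.4.15-117n"},                # and older
    "gen7":     {"ceiling": "7.0.1-5161", "train": (7, 0)},  # 7.0.x only
    "tz80":     {"ceiling": "8.0.0-8035", "exact": True},    # one build listed
}
_VERSION = re.compile(r"(\d+(?:\.\d+)+)(?:-(\d+))?")

def parse(version):
    """Return ((major, minor, ...), build or None), or None if unparseable."""
    m = _VERSION.search(version)
    if not m:
        return None
    dotted = tuple(int(p) for p in m.group(1).split("."))
    return dotted, (int(m.group(2)) if m.group(2) else None)

def status(platform, version):
    """'affected', 'not-listed' (outside the advisory's list) or 'unknown'."""
    rule, got = AFFECTED.get(platform), parse(version)
    if rule is None or got is None:
        return "unknown"
    (dotted, build), (c_dotted, c_build) = got, parse(rule["ceiling"])
    if "train" in rule and dotted[:2] != rule["train"]:
        return "not-listed"
    if dotted != c_dotted:
        older = dotted < c_dotted and not rule.get("exact")
        return "affected" if older else "not-listed"
    if c_build is None:   # "6.5.5.1 and prior": every build of that release
        return "affected"
    if build is None:     # same release but no build number reported
        return "unknown"
    hit = build == c_build if rule.get("exact") else build <= c_build
    return "affected" if hit else "not-listed"

# Constructed inventory rows: (hostname, platform label, firmware string).
INVENTORY = [
    ("fw-hq",    "gen7",     "SonicOS 7.0.1-5145"),
    ("fw-dr",    "gen7",     "SonicOS 7.0.1-5170"),
    ("fw-lab",   "gen6-nsv", "6.5.4.15-117n"),
    ("fw-old",   "gen6-hw",  "SonicOS Enhanced 6.5.4.4-44n"),
    ("fw-kiosk", "tz80",     "8.0.0-8035"),
    ("fw-edge",  "gen7",     "7.0.1"),
]

def triage(inventory=INVENTORY):
    return {host: status(plat, ver) for host, plat, ver in inventory}
```

Rows that come back "unknown" or "not-listed" still need to be checked against the vendor's own advisory before a device is treated as unaffected.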
What are the recommendations?
Barracuda recommends the following actions to mitigate these vulnerabilities:
- Apply the recommended firmware updates immediately to secure your systems.
- Limit SSL VPN and SSH management access to known and trusted sources. If these services are not essential, disable them altogether to reduce exposure.
- Review logs regularly and analyze network traffic for unusual activities that could indicate exploitation attempts.
- Strengthen authentication measures by implementing multi-factor authentication (MFA) for all remote access services.
Reference
For more in-depth information, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.