Advisory

SonicWall warns customers to patch SSLVPN flaw immediately, verified to be exploitable

Take action: If you are running generation six and generation seven SonicWall firewalls, it's time to check your OS version and start patching ASAP. A vendor doesn't send out emails to customers asking for an immediate patch just because they feel like it. Take this one seriously. Locking down SSL VPN may help temporarily, but it's not a real fix because firewalls are regularly used for VPN sessions. As of 8th of April, this is URGENT. There is a public PoC, so attacks are imminent.


Learn More

SonicWall has sent emails to customers to report and urge patching of multiple security vulnerabilities affecting their firewall products, because they are at immediate risk of exploitation.

The most severe is an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score 9.8). This flaw affects the SSL VPN and SSH management functionality and has been identified as actively exploitable, which prompted the urgent patch release and customer notifications.

The vulnerability impacts multiple generation six and generation seven firewalls running SonicOS versions 6.5.4.15-117n and older, as well as 7.0.1-5161 and older versions. SonicWall has released patches for all affected systems and strongly recommends immediate updates to the following versions:

  • Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
  • Gen 6 / 6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
  • Gen 7 firewalls: SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
  • TZ80: SonicOS 8.0.0-8037 or newer
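To check an inventory against the fixed versions listed above, the following added example (not SonicWall's code and not part of the original advisory) parses numeric SonicOS version strings and compares them with the minimum fixed build for their branch. It assumes version strings look like the ones in this advisory; the hostnames and inventory are constructed, and anything that does not parse cleanly (such as the Gen 6 NSv format) is flagged for a manual check instead of being guessed.

```python
import re

# Minimum fixed builds, copied from the advisory's list of patched versions.
GEN6_HW = (6, 5, 5, 1, 6)   # 6.5.5.1-6n (Gen 6 / 6.5 hardware)
GEN7_70 = (7, 0, 1, 5165)   # 7.0.1-5165
GEN7_71 = (7, 1, 3, 7015)   # 7.1.3-7015
TZ80 = (8, 0, 0, 8037)      # 8.0.0-8037

def parse(version):
    """'7.0.1-5165' -> (7, 0, 1, 5165); None if the string is not numeric."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)-(\d+)[a-z]?", version.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2)),)

def fixed_floor(ver):
    """Pick the minimum fixed build for the release branch of `ver`."""
    if ver[0] == 6:
        return GEN6_HW
    if ver[0] == 7:
        # Assumption: every 7.x branch after 7.0 is held to the 7.1.3-7015 floor.
        return GEN7_70 if ver[1] == 0 else GEN7_71
    if ver[0] == 8:
        return TZ80
    return None

def assess(version):
    ver = parse(version)
    floor = fixed_floor(ver) if ver else None
    # Unknown branch, NSv-style string or unexpected shape: do not guess.
    if floor is None or len(ver) != len(floor):
        return "manual-check"
    return "patched" if ver >= floor else "needs-update"

# Constructed sample inventory (hostnames are made up).
INVENTORY = {
    "fw-hq": "6.5.4.15-117n",
    "fw-dc": "7.0.1-5165",
    "fw-lab": "7.1.1-7040",
    "fw-nsv": "6.5.4.v-21s-RC2400",
    "fw-tz80": "8.0.0-8037",
}

def report(inventory):
    return {host: assess(v) for host, v in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {INVENTORY[host]:20} {status}")
```

A "patched" result only means the build is at or above the fixed version; it says nothing about whether the device was accessed before it was updated.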

Additional vulnerabilities addressed in this security update include:

  • CVE-2024-40762 (CVSS score 7.1): A cryptographic weakness in the SSL VPN authentication token generator's pseudo-random number generator (PRNG), potentially allowing authentication bypass through token prediction
  • CVE-2024-53705 (CVSS score 6.5): A server-side request forgery (SSRF) vulnerability in the SSH management interface that could allow authenticated attackers to establish unauthorized TCP connections
  • CVE-2024-53706 (CVSS score 7.8): A privilege escalation vulnerability specific to Gen7 SonicOS Cloud NSv (AWS and Azure editions) that could enable authenticated attackers to gain root access

For organizations unable to immediately apply the patches, SonicWall has provided temporary mitigation strategies including:

  • Restricting SSL VPN access to trusted sources
  • Disabling internet-facing SSL VPN if not essential
  • Limiting SSH management access

Update - as of 24th of January 2025, Bishop Fox researchers warn that 5,000+ SonicWall firewalls are still vulnerable to attack and should be considered “at imminent risk of exploitation”.

As of 3rd of March 2025, Bishop Fox is warning that exploitation of CVE-2024-53704 is trivial. Exploitation makes it possible to identify compromised users, obtain configuration files, access private routes, and establish VPN tunnel connections without knowing user passwords. This effectively grants access to any network resources accessible to the victim and potentially disconnects legitimate users from their sessions.

As of 7th of April 2025, SonicWall warns that proof-of-concept (PoC) exploits for the SonicOS SSLVPN Authentication Bypass Vulnerability (CVE-2024-53704) are publicly available, which significantly increases the risk of exploitation. Customers are advised to immediately update all unpatched firewalls (7.1.x & 8.0.0). If applying the firmware update is not possible, disable SSLVPN.
