Thu Jan 09 2025

SonicWall urges administrators to immediately fix concerning vulnerability in SSLVPN.

A vulnerability has recently been discovered that is "susceptible to being exploited in practice."

SonicWall has alerted IT administrators to a high-severity vulnerability in its firewalls that it deems "susceptible to actual exploitation." The company is notifying technology managers and urging them to apply the patch to protect their devices from this threat.

According to user reports on Reddit, the identified flaw is an authentication bypass in SSL VPN and SSH management, registered as CVE-2024-53704. It carries a severity score of 8.2, classifying it as high, and affects various sixth- and seventh-generation firewall models running SonicOS 6.5.4.15-117n and earlier, or 7.0.1-5161 and earlier.

SonicWall states that customers using SSL VPN or SSH management must upgrade to the latest firmware version, which will be publicly available on January 7, 2025. The patch also includes fixes for three additional vulnerabilities (CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706) that allow, among other things, authentication bypass and remote code execution.

For those using generation 6 or 6.5 hardware firewalls, SonicOS 6.5.5.1-6n or a newer version is recommended, while users with Gen 6 / 6.5 NSv firewalls should look for SonicOS 6.5.4.v-21s-RC2457 or later. Meanwhile, TZ80 users need to have at least SonicOS 8.0.0-8037.
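The version boundaries above are easy to misread when checking a fleet by hand, because SonicOS build strings mix dotted release numbers, build numbers and letter suffixes. The following added example (not SonicWall's code, and not from the article) is a small triage helper that parses those strings and classifies a firewall as patched, known-vulnerable, below the first fixed build, or unknown, using only the version numbers the article reports. Where the article gives no value for a family (for example, the first fixed build for Gen 7 hardware), the table holds `None` rather than a guessed version; the product family names and the inventory entries are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def version_key(version: str) -> Tuple[int, ...]:
    """Turn a SonicOS version string into a comparable tuple of integers.

    Builds look like "6.5.4.15-117n", "7.0.1-5161" or "6.5.4.v-21s-RC2457".
    Every run of digits is taken in order; letters (the trailing 'n'/'s' and
    the 'v' marking NSv builds) are ignored. Comparisons are therefore only
    meaningful within one product family, which is how FAMILIES is organised.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


@dataclass(frozen=True)
class FamilyStatus:
    # Highest build the article reports as affected, or None if not stated.
    affected_up_to: Optional[str]
    # First fixed build the article names, or None if not stated.
    fixed_from: Optional[str]


# Family keys are constructed labels; the version strings are those quoted
# in the article. None marks values the article does not give.
FAMILIES: Dict[str, FamilyStatus] = {
    "gen6_hardware": FamilyStatus(affected_up_to="6.5.4.15-117n", fixed_from="6.5.5.1-6n"),
    "gen6_nsv":      FamilyStatus(affected_up_to=None,            fixed_from="6.5.4.v-21s-RC2457"),
    "gen7_hardware": FamilyStatus(affected_up_to="7.0.1-5161",    fixed_from=None),
    "tz80":          FamilyStatus(affected_up_to=None,            fixed_from="8.0.0-8037"),
}


def assess(family: str, running: str) -> str:
    """Classify one firewall: patched, vulnerable, below_fix or unknown."""
    status = FAMILIES[family]
    key = version_key(running)
    if status.fixed_from is not None and key >= version_key(status.fixed_from):
        return "patched"
    if status.affected_up_to is not None and key <= version_key(status.affected_up_to):
        return "vulnerable"
    if status.fixed_from is not None:
        # Below the first fixed build but above any stated affected ceiling:
        # the device lacks the fix and should be scheduled for upgrade.
        return "below_fix"
    # Neither bound lets us decide from the article alone; consult the advisory.
    return "unknown"


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each (hostname, family, version) entry to its assessment."""
    return {host: assess(family, version) for host, family, version in inventory}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "gen6_hardware", "6.5.4.15-117n"),
    ("fw-branch-02", "gen6_hardware", "6.5.5.1-6n"),
    ("fw-lab-nsv",   "gen6_nsv",      "6.5.4.v-21s-RC2457"),
    ("fw-hq-01",     "gen7_hardware", "7.0.1-5161"),
    ("fw-edge-tz80", "tz80",          "8.0.0-8037"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14s} {result}")
```

Devices reported as `vulnerable` or `below_fix` are the ones to upgrade first; for those, the interim mitigations SonicWall recommends (restricting SSL VPN and SSH management to trusted sources and disabling both from the Internet) apply until the firmware is updated.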

Those who cannot install the patch immediately should implement the mitigation measures SonicWall suggests in its security advisory. These include limiting access to trusted sources and disabling SSLVPN access from the Internet. To reduce the potential impact of the SSH vulnerability, the company also recommends restricting firewall management to trusted sources and disabling SSH management from the Internet.