Multiple Vulnerabilities in SonicOS
SonicWall releases security update to address four vulnerabilities in SonicOS
Summary
SonicWall has released a security update to address four vulnerabilities in SonicOS.
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Please see SonicWall security advisory SNWLID-2025-0003 for a full list of vulnerable products.
Threat details
Introduction
SonicWall has released a security advisory to address one critical severity vulnerability, two high severity vulnerabilities and one medium severity vulnerability in SonicOS. SonicWall appliances are security appliances that provide virtual private network (VPN) and 'next-gen' firewall capabilities.
Vulnerability Details
- CVE-2024-53704 is an 'improper authentication' vulnerability with a CVSSv3 score of 9.8. If exploited, a remote attacker could bypass authentication mechanisms.
- CVE-2024-40762 is a 'use of cryptographically weak pseudo-random number generator' vulnerability with a CVSSv3 score of 7.1. If exploited, an attacker could bypass authentication mechanisms.
- CVE-2024-53706 is an 'improper privilege management' vulnerability with a CVSSv3 score of 7.8. If exploited, a local, authenticated attacker could elevate privileges to root and potentially execute arbitrary code.
- CVE-2024-53705 is a 'server-side request forgery (SSRF)' vulnerability with a CVSSv3 score of 6.5. If exploited, a remote attacker could establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
Threat updates
| Date | Update |
|---|---|
| 10 Jan 2025 | CVE Details Released by MITRE |
Remediation advice
Affected organisations are strongly encouraged to review SonicWall security advisory SNWLID-2025-0003 and apply any relevant updates as soon as practicable.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 10 January 2025 11:02 am