Multiple Vulnerabilities in SonicOS

Summary

SonicWall releases security update to address four vulnerabilities in SonicOS


The following platforms are also known to be affected:

Please see SonicWall security advisory SNWLID-2025-0003 for a full list of vulnerable products.

Threat details

Introduction

SonicWall has released a security advisory to address one critical severity vulnerability, two high severity vulnerabilities and one medium severity vulnerability in SonicOS. SonicWall appliances are security appliances that provide virtual private network (VPN) and 'next-gen' firewall capabilities.


Vulnerability Details

  • CVE-2024-53704 is an 'improper authentication' vulnerability with a CVSSv3 score of 9.8. If exploited, a remote attacker could bypass authentication mechanisms.
  • CVE-2024-40762 is a 'use of cryptographically weak pseudo-random number generator' vulnerability with a CVSSv3 score of 7.1. If exploited, an attacker could bypass authentication mechanisms.
  • CVE-2024-53706 is an 'improper privilege management' vulnerability with a CVSSv3 score of 7.8. If exploited, a local, authenticated attacker could elevate privileges to root and potentially execute arbitrary code.
  • CVE-2024-53705 is a 'server-side request forgery (SSRF)' vulnerability with a CVSSv3 score of 6.5. If exploited, a remote attacker could establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

Threat updates

Date          Update
10 Jan 2025   CVE Details Released by MITRE

Remediation advice

Affected organisations are strongly encouraged to review SonicWall security advisory SNWLID-2025-0003 and apply any relevant updates as soon as practicable.



Last edited: 10 January 2025 11:02 am