📰 SonicWall Urges Immediate Firmware Upgrade to Patch Critical Firewall Vulnerabilities


News section: 📰 IT Security News
🔗 Source: blackhatethicalhacking.com


SonicWall has issued an urgent advisory to its customers, emphasizing the need to upgrade their SonicOS firmware to address a critical authentication bypass vulnerability (CVE-2024-53704) affecting SSL VPN and SSH management interfaces. This flaw is rated 8.2 (high severity) on the CVSS scale and is actively exploitable, posing significant security risks.

Details of the Flaw

CVE-2024-53704 impacts both Generation 6 and Generation 7 SonicWall firewalls, specifically the following firmware versions:

  • Gen 6/6.5 hardware firewalls: Versions 6.5.4.15-117n and older.
  • Gen 7 firewalls: Versions 7.0.1-5161 and older.

This vulnerability allows attackers to bypass authentication on devices with SSL VPN or SSH management enabled.


Additional Vulnerabilities

SonicWall’s bulletin highlights three more vulnerabilities of medium to high severity:

  1. CVE-2024-40762:
    • Type: Weak cryptographic pseudo-random number generator (PRNG).
    • Impact: Attackers can potentially predict authentication tokens, enabling unauthorized access.
  2. CVE-2024-53705:
    • Type: Server-Side Request Forgery (SSRF).
    • Impact: A logged-in attacker can establish TCP connections to arbitrary IPs and ports via the SSH management interface.
  3. CVE-2024-53706:
    • Type: Privilege escalation.
    • Impact: On Gen7 Cloud NSv firewalls for AWS and Azure, low-privileged authenticated attackers can escalate to root and execute arbitrary code.


Recommended Firmware Updates

To protect against these vulnerabilities, SonicWall advises upgrading to the following versions:

  • Gen 6/6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
  • Gen 6/6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
  • Gen 7 firewalls: SonicOS 7.0.1-5165, 7.1.3-7015, or newer
  • TZ80: SonicOS 8.0.0-8037 or newer
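As an added defender-side example (not code from the article or from SonicWall), the following Python turns the firmware table above into a fleet check: it parses SonicOS version strings such as 6.5.4.15-117n and 7.0.1-5161, compares each device's build against the minimum fixed build on its release train, and lists the devices that still need the upgrade. The platform labels, the sample inventory and the rule that a release train newer than every listed fix counts as patched are assumptions of this example; the Gen 6/6.5 NSv version format is deliberately rejected rather than guessed at.

```python
import re
from typing import Dict, List, Tuple

# Minimum fixed builds per platform, from the advisory's firmware table; the
# Gen 6/6.5 NSv format ("6.5.4.v-21s-RC2457") is rejected, not mis-parsed.
FIXED_BUILDS: Dict[str, List[str]] = {
    "gen6-hardware": ["6.5.5.1-6n"],
    "gen7": ["7.0.1-5165", "7.1.3-7015"],
    "tz80": ["8.0.0-8037"],
}

# "6.5.4.15-117n" / "7.0.1-5161": dotted release, dash, build, optional letter.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)[a-z]?$")

def parse_sonicos(version: str) -> Tuple[int, ...]:
    """Turn a SonicOS version string into a comparable tuple of integers."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    dotted, build = match.groups()
    return tuple(int(part) for part in dotted.split(".")) + (int(build),)

def needs_upgrade(platform: str, version: str) -> bool:
    """True if version is below the minimum fixed build on its release train
    (major.minor); a train newer than every fix counts as patched ("or newer")."""
    current = parse_sonicos(version)
    fixed = [parse_sonicos(f) for f in FIXED_BUILDS[platform]]
    same_train = [f for f in fixed if f[:2] == current[:2]]
    if same_train:
        return current < min(same_train)
    return not all(current > f for f in fixed)

def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Names of (name, platform, version) entries still below the minimum."""
    return [name for name, plat, ver in inventory if needs_upgrade(plat, ver)]

# Constructed sample inventory, not real devices (assumption of this example).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "gen6-hardware", "6.5.4.15-117n"),
    ("fw-branch-02", "gen6-hardware", "6.5.5.1-6n"),
    ("fw-dc-01", "gen7", "7.0.1-5161"),
    ("fw-dc-02", "gen7", "7.1.3-7015"),
    ("fw-lab-01", "tz80", "8.0.0-8037"),
]

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: firmware below advisory minimum, upgrade required")
```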



Mitigation Measures

While applying firmware updates is the most effective defense, SonicWall recommends these mitigations:

For SSL VPN vulnerabilities:

  • Limit access to trusted IP sources.
  • Disable internet-facing SSL VPN access if unnecessary.

For SSH vulnerabilities:

  • Restrict firewall SSH management to trusted sources.
  • Disable SSH access from the internet entirely if not required.


Source: bleepingcomputer.com


The post SonicWall Urges Immediate Firmware Upgrade to Patch Critical Firewall Vulnerabilities first appeared on Black Hat Ethical Hacking.
