Alert essentials:
Updates have been released for SonicWall Gen6 and Gen7.
Deploy the fixes urgently to patch multiple vulnerabilities.
Detailed threat description:
Multiple vulnerabilities have been identified in SonicWall Gen6 and Gen7 firewalls. The most critical is CVE-2024-53704, an improper authentication weakness in the SonicOS SSLVPN authentication mechanism that allows a remote, unauthenticated attacker to bypass authentication.
CVE-2024-53706 is a local privilege escalation vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only). It allows an authenticated, low-privileged local attacker to elevate privileges to `root`, potentially leading to code execution.
CVE-2024-40762 is the use of a cryptographically weak pseudo-random number generator (PRNG) in the SonicOS SSLVPN authentication token generator. In certain cases an attacker can predict the generated token, which can lead to an authentication bypass.
CVE-2024-53705 is a medium-severity Server-Side Request Forgery (SSRF) vulnerability in the SonicOS SSH management interface. While a user is logged in to the firewall, a remote attacker can cause the firewall to establish a TCP connection to an IP address on any port, which could be used to reach systems behind the firewall and lead to further network compromise.
SonicWall has no evidence that these flaws are being actively exploited, but users are nevertheless urged to update their firewalls immediately.
Impacts on healthcare organizations:
The potential consequences of these vulnerabilities on patient data security are severe and multifaceted.
These vulnerabilities can expose sensitive information and disrupt healthcare operations, possibly resulting in delays to medical procedures and damage to the organization's reputation.
By adhering to good cybersecurity hygiene, healthcare networks can significantly reduce their exposure to these vulnerabilities and strengthen their overall cybersecurity posture.
Affected Products / Versions:
CVEs
- CVE-2024-40762 – CWE-338, use of a cryptographically weak PRNG (CVSS 7.1)
- CVE-2024-53704 – CWE-287, improper authentication (CVSS 8.2)
- CVE-2024-53705 – CWE-918, server-side request forgery (CVSS 6.5)
- CVE-2024-53706 – CWE-269, improper privilege management (CVSS 7.8)
CVE | Affected Versions | Affected Models |
---|---|---|
CVE-2024-40762 | Gen7 Firewalls 7.1.x (7.1.1-7058 and older versions), and version 7.1.2-7019 | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, TZ80 |
CVE-2024-53704 | Gen7 Firewalls 7.1.x (7.1.1-7058 and older versions), and version 7.1.2-7019 | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, TZ80 |
CVE-2024-53705 | Gen6 Hardware Firewalls 6.5.4.15-117n and older versions; Gen7 Firewalls 7.0.x (7.0.1-5161 and older versions); Gen7 NSv 7.0.x (7.0.1-5161 and older versions); and version 7.1.2-7019 | Gen6: SOHOW, TZ300, TZ300W, TZ400, TZ400W, TZ500, TZ500W, TZ600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ300P, TZ600P, SOHO 250, SOHO 250W, TZ350, TZ350W. Gen7: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700. NSv: NSv 270, NSv 470, NSv 870. TZ80 |
CVE-2024-53706 | Gen7 Cloud Platform 7.1.x (7.1.1-7058 and older versions), and version 7.1.2-7019 | NSv 270, NSv 470, NSv 870 (AWS and Azure editions only) |
Platform | Fixed Platforms | Fixed Versions |
---|---|---|
Gen6 Hardware Firewalls | SOHOW, TZ300, TZ300W, TZ400, TZ400W, TZ500, TZ500W, TZ600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ300P, TZ600P, SOHO 250, SOHO 250W, TZ350, TZ350W | 6.5.5.1-6n and higher |
Gen7 NSv | NSv 270, NSv 470, NSv 870 | 7.0.1-5165 and higher |
Gen7 Firewalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 | 7.0.x branch: 7.0.1-5165 and higher; 7.1.x branch: 7.1.3-7015 and higher |
TZ80 | TZ80 | 8.0.0-8037 and higher |
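Checking an inventory of firewalls against the two tables above by hand is error-prone, particularly because Gen7 hardware has two maintained branches with different fixed builds and the Gen6 build numbers carry a letter suffix. The following Python script is an added example, not part of the original alert or any SonicWall tool: it encodes the fixed-version floors from the "Fixed Versions" table, parses SonicOS version strings, and classifies each installed version as patched, affected, or unknown. The platform keys, the version-string grammar, the branch rule (each maintained branch has its own floor) and the sample inventory are assumptions made for this example.

```python
import re

# Fixed-version floors copied from the "Fixed Versions" table above, keyed by
# platform (the platform keys are names chosen for this example). Each entry is
# (branch prefix, first fixed build on that branch): a Gen7 hardware firewall on
# 7.0.x is fixed from 7.0.1-5165, one on 7.1.x only from 7.1.3-7015. Branches
# with no floor in the table (for example NSv on 7.1.x) deliberately have no
# entry, so they are reported as "unknown" rather than silently "patched".
FIXED_FLOORS = {
    "gen6-hardware": [((6, 5), "6.5.5.1-6n")],
    "gen7-nsv":      [((7, 0), "7.0.1-5165")],
    "gen7-firewall": [((7, 0), "7.0.1-5165"), ((7, 1), "7.1.3-7015")],
    "tz80":          [((8, 0), "8.0.0-8037")],
}

# Assumed grammar: dotted release numbers, a dash, a build number, and an
# optional letter suffix (the "n" on Gen6 builds such as 6.5.4.15-117n).
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)([A-Za-z]*)$")


def parse_version(ver: str) -> tuple:
    """Turn '7.1.2-7019' or '6.5.4.15-117n' into a comparable tuple such as
    (7, 1, 2, 7019). The trailing letter on Gen6 builds marks the build train
    and does not affect ordering, so it is dropped."""
    m = VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {ver!r}")
    release, build, _suffix = m.groups()
    return tuple(int(part) for part in release.split(".")) + (int(build),)


def assess(platform: str, version: str) -> str:
    """Return 'patched', 'affected' or 'unknown' for an installed version.

    'unknown' means the table above lists no fixed build for that branch on
    that platform; treat it as affected and check the SonicWall advisory."""
    v = parse_version(version)
    for branch, floor in FIXED_FLOORS[platform]:
        if v[:len(branch)] == branch:
            return "patched" if v >= parse_version(floor) else "affected"
    return "unknown"


if __name__ == "__main__":
    # Constructed inventory for the demonstration: (hostname, platform, version).
    inventory = [
        ("fw-edge-01", "gen7-firewall", "7.1.2-7019"),
        ("fw-edge-02", "gen7-firewall", "7.1.3-7015"),
        ("fw-branch-03", "gen7-firewall", "7.0.1-5161"),
        ("fw-legacy-04", "gen6-hardware", "6.5.4.15-117n"),
        ("fw-legacy-05", "gen6-hardware", "6.5.5.1-6n"),
        ("nsv-aws-06", "gen7-nsv", "7.1.1-7058"),
        ("tz80-07", "tz80", "8.0.0-8037"),
    ]
    for host, platform, version in inventory:
        print(f"{host:14} {platform:14} {version:14} {assess(platform, version)}")
```

Note that 7.1.2-7019 is correctly reported as affected even though it is numerically higher than the 7.0.x floor: the branch rule only compares a version against the floor of its own branch, which is the comparison the table intends.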
Recommendations
Engineering recommendations:
- Apply the patch as soon as possible for impacted products
- To minimize the potential impact of the SSLVPN vulnerabilities, ensure that SSLVPN access is limited to trusted source addresses, or disable SSLVPN access from the Internet entirely until the fix is deployed
- To minimize the potential impact of the SSH vulnerability, restrict firewall management to trusted sources or disable SSH management on Internet-facing (WAN) interfaces
- Enable multi-factor authentication (MFA) for all VPN accounts and user access
- Disable WAN management from internet access if not required
- Regularly monitor firewall and VPN logs, paying close attention to WAN-side management and SSL VPN login events for unusual activity
- Configure VPN services to use non-default ports to reduce exposure to opportunistic scanning; this reduces noise but does not mitigate the vulnerabilities themselves, so it is not a substitute for patching
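The log-monitoring recommendation above is easiest to act on with a concrete check. The following Python script is an added example, not part of the original alert or any SonicWall tool: it parses SonicOS-style key=value syslog lines and flags the events a reviewer would want to see first after this advisory: successful SSL VPN or SSH management logins from outside the trusted ranges, a source that logs in as several different accounts, and a success that follows failed attempts from the same source. The sample log lines, the allowlist of trusted networks and the exact message strings are constructed for the example and should be replaced with the organization's own.

```python
import ipaddress
import re
from collections import defaultdict

# Source ranges from which SSL VPN and management logins are expected. This
# allowlist is an assumption for the example; replace it with your own.
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample log lines in the key=value style SonicOS uses for syslog.
# Field names (msg=, usr=, src=) follow that style, but the lines are invented
# for this example and were not captured from a real appliance.
SAMPLE_LOGS = """\
time="2025-01-10 08:02:11 UTC" fw=203.0.113.1 msg="SSL VPN user login successful" usr="alice" src=198.51.100.23
time="2025-01-10 08:05:40 UTC" fw=203.0.113.1 msg="SSL VPN user login failed" usr="admin" src=192.0.2.77
time="2025-01-10 08:05:43 UTC" fw=203.0.113.1 msg="SSL VPN user login failed" usr="admin" src=192.0.2.77
time="2025-01-10 08:05:52 UTC" fw=203.0.113.1 msg="SSL VPN user login successful" usr="admin" src=192.0.2.77
time="2025-01-10 08:06:02 UTC" fw=203.0.113.1 msg="SSL VPN user login successful" usr="bob" src=192.0.2.77
time="2025-01-10 09:15:00 UTC" fw=203.0.113.1 msg="SSH management session opened" usr="admin" src=192.0.2.91
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

LOGIN_OK = "SSL VPN user login successful"
LOGIN_FAIL = "SSL VPN user login failed"
SSH_OPEN = "SSH management session opened"


def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict; quoted values keep their spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def is_trusted(src: str) -> bool:
    """True when the source address falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def triage(log_text: str) -> list:
    """Return human-readable findings for the conditions described in the lead-in."""
    findings = []
    users_by_src = defaultdict(set)   # accounts that successfully logged in per source
    failures_by_src = defaultdict(int)  # failed SSL VPN attempts not yet followed by a success
    for line in log_text.splitlines():
        ev = parse_line(line)
        msg, src, user = ev.get("msg", ""), ev.get("src"), ev.get("usr", "?")
        if not src:
            continue
        if msg == LOGIN_FAIL:
            failures_by_src[src] += 1
            continue
        if msg not in (LOGIN_OK, SSH_OPEN):
            continue
        if not is_trusted(src):
            findings.append(f"{user}: '{msg}' from untrusted source {src}")
        if msg == LOGIN_OK:
            users_by_src[src].add(user)
            if failures_by_src[src]:
                findings.append(f"{user}: success from {src} after "
                                f"{failures_by_src[src]} failed attempt(s)")
                failures_by_src[src] = 0
    for src, users in users_by_src.items():
        if len(users) > 1:
            findings.append(f"{src}: {len(users)} distinct accounts logged in "
                            f"({', '.join(sorted(users))})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print("FINDING:", finding)
```

On the constructed sample the script raises five findings: three logins from outside the allowlist, one success after repeated failures, and one source address used by two different accounts. The same shape of check can be fed from a SIEM export or a syslog file; the point is that after an authentication-bypass advisory, successful logins, not just failures, are the events that deserve review.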
Leadership/Program recommendations:
- Consider upgrading or replacing outdated SonicWall devices, especially those running unsupported firmware versions
- Implement strict access control policies, limiting VPN access to only necessary users and IP ranges
Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.
References:
- MySonicWall.com: https://www.mysonicwall.com/muir/login
- SonicWall psirt advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
- SonicWall restrict admin access: https://www.sonicwall.com/support/knowledge-base/how-can-i-restrict-admin-access-to-the-device/170503259079248
- SonicWall SSL-VPN: https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-ssl-vpn/170505609285133
- MITRE SonicWall vulnerabilities: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=SonicWall