
Over 400 SonicWall firewalls continue to be susceptible to unauthorized access

Warnings issued about potential exploitation after researchers released a proof of concept

Over 400 SonicWall firewalls are still exposed to potential cyber threats

A critical authentication bypass vulnerability (CVE-2024-53704) has been identified in SonicWall firewalls. If exploited, it could allow attackers to bypass authentication protections and gain unauthorized access to network resources or firewall management interfaces.

The vulnerability affects SonicWall TZ, NSa and NSsp series firewalls, as well as NSv series virtual firewalls, running vulnerable SonicOS firmware versions. Its severity is significant: the CVSS score ranges from 8.2 to 9.8, depending on specifics such as the scope and context of the advisory.

Recent reports suggest that there have been attempts to exploit this vulnerability, which underscores the urgency of upgrading immediately. SonicWall is urging customers to apply patches to their devices, and the Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog.

If upgrading firmware is not possible, SonicWall suggests disabling the SSL VPN. It is also recommended to monitor logs and network traffic for unusual activity targeting the SSL VPN or firewall management interfaces.

Researchers from Bishop Fox have released a proof of concept for the vulnerability, and there were warnings of active exploitation attempts earlier this month. As of Tuesday, the number of vulnerable instances had decreased from 5,000 to 445.

Organisations should ensure that their devices are running supported firmware versions, as over 20,000 SonicWall devices are reportedly running unsupported versions, which increases risk. In addition to CVE-2024-53704, recent firmware updates include mitigations for other vulnerabilities, so it is best practice to keep all network security devices fully updated.

SonicWall issued an advisory and patched the vulnerability in January. Note that while there has been a recent ransomware attack on SonicWall SSL VPN (CVE-2024-40766), that exploitation is not directly tied to CVE-2024-53704.

In summary, CVE-2024-53704 is a critical vulnerability that requires immediate attention. SonicWall continues to emphasize the urgency of patching all affected devices, as attackers are actively targeting similar vulnerabilities in the wild. Organisations should follow the mitigation steps provided to protect their network resources and firewall management interfaces.

  1. The critical vulnerability, CVE-2024-53704, identified in SonicWall firewalls has been added to the Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog, emphasizing its significance for cybersecurity.
  2. Reports suggest that researchers from Bishop Fox have released a proof of concept for CVE-2024-53704, and there have been warnings of active exploitation attempts, making it crucial for organizations to apply the patches provided by SonicWall.
  3. Given the urgency of the situation, cybersecurity experts recommend that organizations monitor their logs and network traffic for unusual activity targeting the SSL VPN or firewall management interfaces, and ensure that all devices are running supported firmware versions to protect their network resources.
