Zero-day vulnerability in Sonicwall SSL VPN is attacked - heise online

Latest News on SonicWall SSL VPN Vulnerability (January 2025)

Summary:
In January 2025, SonicWall announced updates to address actively attacked vulnerabilities in SonicOS, including a zero-day vulnerability in the SSL VPN and SSH management. The updates aim to close security gaps that are currently being exploited in the wild.

Key Highlights:

1. Zero-Day Vulnerability:

   • CVE-2024-53704: This vulnerability is an authentication bypass in SonicOS SSLVPN, with a CVSS score of 8.2 and a high risk rating12.
   • Exploitation: The vulnerability allows attackers to predict authentication tokens due to a cryptographically weak pseudo-random number generator (PRNG) used by the SonicOS SSLVPN authentication token generator12.

2. Other Vulnerabilities:

   • CVE-2024-40762: Use of a weak PRNG in the SonicOS SSLVPN authentication token generator, allowing attackers to predict tokens and bypass authentication (CVSS score 7.1)12.
   • CVE-2024-53705: Server-Side Request Forgery (SSRF) vulnerability in SSH management, enabling attackers to make TCP connections to any IP address on any port if a user is logged into the firewall (CVSS score 6.5)12.
   • CVE-2024-53706: Privilege escalation vulnerability to "root" in Gen7 SonicOS Cloud NSv SSH Config functions (CVSS score 7.8)12.

3. Security Updates:

   • Release Date: The updates are scheduled to be released on January 7, 2025, for various SonicOS versions, including SonicOS 6.5.5.1-6n, SonicOS 6.5.4.v-21s-RC2457, SonicOS 7.0.1-5165 or 7.1.3-7015, and SonicOS 8.0.0-8037 or newer versions12.

4. Impact:

   • The vulnerabilities have been actively exploited, necessitating immediate action from administrators to update their firewalls and prevent further attacks12.

5. Fog and Akira Ransomware Exploitation:

   • The Fog and Akira ransomware groups have been observed exploiting this critical SonicWall VPN flaw (CVE-2024-40766) to breach enterprise networks4.

Detailed Context

The recent security updates from SonicWall aim to address multiple vulnerabilities in their SonicOS platform, including a zero-day vulnerability in the SSL VPN and SSH management. These vulnerabilities have been identified as high-risk and are currently being exploited in the wild. The updates will close these security gaps, ensuring that users can protect their networks from potential attacks.

Trustworthy Citations

• 1 Heise online: "Zero-day vulnerability in Sonicwall SSL VPN is attacked"
• 2 Vulnerability.circl.lu: "Bundle - Sonicwall vulnerabilities including critical ones"
• 4 Security Affairs: "Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766"

These sources provide detailed information on the vulnerabilities, their impact, and the necessary updates to mitigate them.