Zero-day vulnerability in Sonicwall SSL VPN is attacked - heise online

Latest News on SonicWall SSL VPN Vulnerability (January 2025)

Summary:
In January 2025, SonicWall announced updates to address actively attacked vulnerabilities in SonicOS, including a zero-day vulnerability in the SSL VPN and SSH management. The updates aim to close security gaps that are currently being exploited in the wild.

Key Highlights:

  1. Zero-Day Vulnerability:

    • CVE-2024-53704: This vulnerability is an authentication bypass in SonicOS SSLVPN, with a CVSS score of 8.2 and a high risk rating [1][2].
    • Exploitation: The vulnerability allows attackers to predict authentication tokens due to a cryptographically weak pseudo-random number generator (PRNG) used by the SonicOS SSLVPN authentication token generator [1][2].
  2. Other Vulnerabilities:

    • CVE-2024-40762: Use of a weak PRNG in the SonicOS SSLVPN authentication token generator, allowing attackers to predict tokens and bypass authentication (CVSS score 7.1) [1][2].
    • CVE-2024-53705: Server-Side Request Forgery (SSRF) vulnerability in SSH management, enabling attackers to make TCP connections to any IP address on any port if a user is logged into the firewall (CVSS score 6.5) [1][2].
    • CVE-2024-53706: Privilege escalation vulnerability to "root" in Gen7 SonicOS Cloud NSv SSH Config functions (CVSS score 7.8) [1][2].
  3. Security Updates:

    • Release Date: The updates are scheduled to be released on January 7, 2025, for various SonicOS versions, including SonicOS 6.5.5.1-6n, SonicOS 6.5.4.v-21s-RC2457, SonicOS 7.0.1-5165 or 7.1.3-7015, and SonicOS 8.0.0-8037 or newer versions [1][2].
  4. Impact:

    • The vulnerabilities have been actively exploited, necessitating immediate action from administrators to update their firewalls and prevent further attacks [1][2].
  5. Fog and Akira Ransomware Exploitation:

    • The Fog and Akira ransomware groups have been observed exploiting a critical SonicWall VPN flaw (CVE-2024-40766) to breach enterprise networks [4].

Detailed Context

The recent security updates from SonicWall aim to address multiple vulnerabilities in their SonicOS platform, including a zero-day vulnerability in the SSL VPN and SSH management. These vulnerabilities have been identified as high-risk and are currently being exploited in the wild. The updates will close these security gaps, ensuring that users can protect their networks from potential attacks.
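
As an added example (not from heise, SonicWall or the cited sources), the fixed builds listed under Security Updates can be turned into a quick fleet triage. It assumes 7.x and 8.x version strings of the form major.minor.patch-build that order numerically within a release train; host names and sample versions are constructed, and Gen6 strings with letter suffixes are sent to manual review.

```python
import re

# First fixed build per release train, taken from the update list above.
# Key: (major, minor) train. Value: (major, minor, patch, build).
FIXED = {
    (7, 0): (7, 0, 1, 5165),
    (7, 1): (7, 1, 3, 7015),
    (8, 0): (8, 0, 0, 8037),
}

# Assumed string shape: optional "SonicOS " prefix, then major.minor.patch-build.
VERSION_RE = re.compile(r"^(?:SonicOS\s+)?(\d+)\.(\d+)\.(\d+)-(\d+)$", re.IGNORECASE)

def triage(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'review' for one firmware string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        # Gen6 strings such as 6.5.5.1-6n carry letter suffixes; the numeric
        # ordering assumed here does not apply, so they need a manual check.
        return "review"
    parsed = tuple(int(g) for g in m.groups())
    fixed = FIXED.get(parsed[:2])
    if fixed is None:
        return "review"  # release train not named in the update list
    return "patched" if parsed >= fixed else "vulnerable"

def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group host names by triage status, most urgent group first."""
    result = {"vulnerable": [], "review": [], "patched": []}
    for host, version in sorted(inventory.items()):
        result[triage(version)].append(host)
    return result

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {
    "fw-branch-01": "SonicOS 7.0.1-5161",
    "fw-branch-02": "7.0.1-5165",
    "fw-hq-01": "7.1.1-7058",      # higher build number, but older 7.1.1 release
    "fw-hq-02": "7.1.3-7015",
    "fw-lab-01": "SonicOS 8.0.0-8035",
    "fw-legacy-01": "6.5.4.4-44n",
    "fw-unknown": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

A "patched" result only means the build is at or above the fixed build named in this summary for its train; it says nothing about other advisories.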

Trustworthy Citations

  • [1] Heise online: "Zero-day vulnerability in Sonicwall SSL VPN is attacked"
  • [2] Vulnerability.circl.lu: "Bundle - Sonicwall vulnerabilities including critical ones"
  • [4] Security Affairs: "Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766"

These sources provide detailed information on the vulnerabilities, their impact, and the necessary updates to mitigate them.