SonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately
SonicWall released a security bulletin on January 7, 2025, warning customers to upgrade their firewalls' SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that SonicWall deemed susceptible to in-the-wild attacks. The vulnerability is tracked as CVE-2024-53704 and impacts multiple Generation 6 and Generation 7 firewalls running SonicOS 6.5.4.15-117n and older, and 7.0.1-5161 and older, respectively. SonicWall recommends mitigating this vulnerability immediately by upgrading to the latest firmware version. In an email sent to SonicWall customers, the firewall vendor says the patches have been available since yesterday, and all impacted customers should install them immediately to prevent exploitation. Ivanti has not witnessed any active exploitation as of the publishing of the security advisory. Impacted users are recommended to upgrade to the following versions to address the security risk:
Security Officer Comments:
This SonicWall bulletin lists three other medium- to high-severity flaws: CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706. The recommendation to update SonicWall SSL VPN instances comes at the same time that a flaw in another SSL VPN product, Ivanti Connect Secure, is being actively exploited to install malware on appliances, according to Ivanti's investigation. That vulnerability is tracked as CVE-2025-0282, carries a critical CVSS score of 9.0, and has been exploited as a zero-day. SSL VPNs are frequently used by organizations for secure access to internal networks and applications, especially since the increase in remote work, which emphasizes the need to prioritize prompt patch management for these products.
Suggested Corrections:
Recommendations from SonicWall:
Zero-days can be tough to mitigate depending on what type of device or piece of software is susceptible. The time gap between vulnerability disclosure and the production, release, and deployment of a patch is the most critical aspect of zero-day vulnerabilities, or of any vulnerability for that matter. An attacker can leverage a vulnerability from the moment it is known until systems are patched, which is why vulnerabilities must be responsibly disclosed to vendors. Unfortunately, until development teams release a patch or an effective mitigation, there is not much companies can do to prevent attackers from leveraging unpatched systems, especially those exposed to the internet - aside from taking them offline entirely. Taking a device offline can significantly impact business functions, which is why those in IT leadership roles must communicate the possible implications, risks, and overall impact to business leaders so that decisions can be made that weigh all aspects of the business. Applying defense-in-depth strategies and zero trust can significantly assist in preventing the exploitation of zero-days. Still, they may not contain a full-blown attack, depending on the severity and type of exploit possible.
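A practical first step for the bulletin above is an inventory triage: which firewalls report a SonicOS build inside the affected ranges (6.5.4.15-117n and older for Generation 6, 7.0.1-5161 and older for Generation 7)? The script below is an added example, not SonicWall tooling or code from the linked article. It assumes SonicOS version strings of the form `7.0.1-5161` or `6.5.4.15-117n`, that build numbers increase monotonically within a release line, and that a trailing letter suffix sorts alphabetically; the hostnames and versions in `INVENTORY` are constructed. Because the fixed versions are not reproduced on this page, the check only answers whether a build falls inside the affected range; the target firmware should be taken from SonicWall's bulletin.

```python
"""Triage SonicOS firmware versions against the affected ranges in the
bulletin summary. Added example; not SonicWall's tooling."""
import re

# Ceilings of the affected ranges, taken from the bulletin summary.
# Value: (numeric version tuple, letter suffix). Assumption: build numbers
# grow monotonically within a release line and suffix letters sort alphabetically.
AFFECTED_CEILING = {
    6: ((6, 5, 4, 15, 117), "n"),   # 6.5.4.15-117n and older (Gen 6)
    7: ((7, 0, 1, 5161), ""),       # 7.0.1-5161 and older (Gen 7)
}

# Assumed SonicOS version shape: dotted release, dash, build number, optional letter.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([a-z]?)$")


def parse_sonicos_version(version: str):
    """Split a SonicOS version string into (numeric tuple, suffix letter)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    dotted, build, suffix = m.groups()
    numeric = tuple(int(part) for part in dotted.split(".")) + (int(build),)
    return numeric, suffix


def is_affected(version: str):
    """True if the build lies inside an affected range, False if it is newer than
    the ceiling for its generation, None if the major version is not in the bulletin."""
    numeric, suffix = parse_sonicos_version(version)
    ceiling = AFFECTED_CEILING.get(numeric[0])
    if ceiling is None:
        return None
    # Tuple comparison: numeric components first, suffix letter only on a tie.
    return (numeric, suffix) <= ceiling


# Constructed sample inventory (hostname, reported firmware); not real devices.
INVENTORY = [
    ("fw-branch-01", "6.5.4.14-109n"),
    ("fw-hq-01", "7.0.1-5161"),
    ("fw-hq-02", "7.1.1-7040"),
    ("fw-lab-01", "5.9.1.13-5o"),
]


def triage(inventory):
    """Return [(host, version, status)] with status 'affected', 'not-affected' or 'unknown'."""
    labels = {True: "affected", False: "not-affected", None: "unknown"}
    return [(host, ver, labels[is_affected(ver)]) for host, ver in inventory]


if __name__ == "__main__":
    for host, ver, status in triage(INVENTORY):
        print(f"{host:14} {ver:16} {status}")
```

Devices reported as `unknown` are those whose major version the bulletin does not cover; they need a manual check against the vendor's support matrix rather than being treated as safe.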
Link(s):
https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/