- 2/2025
- High
SonicWall has released security updates to fix multiple vulnerabilities affecting SonicOS and SonicWALL SSL-VPN.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain sensitive information, gain elevated privileges, conduct server-side request forgery attacks, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. SonicOS SSLVPN Authentication Bypass Vulnerability (CVE-2024-53704):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. SonicOS SSH Management Server-Side Request Forgery Vulnerability (CVE-2024-53705):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Server-Side Request Forgery (SSRF)
Vulnerabilities
- CVE-2024-40762
- CVE-2024-53704
- CVE-2024-53705
- CVE-2024-53706
- CVE-2024-12802
- CVE-2024-12803
- CVE-2024-12805
- CVE-2024-12806
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.