SonicWall has issued an urgent security advisory regarding a high-severity authentication bypass vulnerability in their firewall's SonicOS operating system that could be actively exploited.
The vulnerability, tracked as CVE-2024-53704 with a CVSS score of 8.2, affects the SSL VPN and SSH management functions of SonicWall firewalls. The company has warned that systems with these features enabled are at immediate risk.
To address this security issue, SonicWall has released patched firmware versions for different firewall models:
- Gen 6/6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer
- Gen 6/6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer
- Gen 7 firewalls: SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
- TZ80: SonicOS 8.0.0-8037 or newer
For organizations unable to update immediately, SonicWall recommends temporary mitigation steps including limiting SSL VPN access to trusted sources or disabling it completely from Internet access. Similar precautions are advised for SSH management access.
The company emphasizes that customers using SSL VPN should treat this as an urgent security update requiring immediate attention to protect their systems from potential exploitation.
This security patch release also includes fixes for additional vulnerabilities that were deemed less critical by the company.