Warning: Multiple Vulnerabilities In SonicWall, Patch Immediately!

Published : 09/01/2025

Reference:
Advisory #2025-006

Version:
2.0

Affected software:
SonicWall Gen6 Hardware Firewalls: 6.5.5.1-6n
SonicWall Gen7 Firewalls: 7.1.3-7015
SonicWall Gen7 NSv: 7.0.1-5165
SonicWall TZ80: 8.0.0-8037

Type:
Authentication bypass / Remote code execution / Code Execution / Unauthorized connection

CVE/CVSS:
CVE-2024-40762: CVSS 7.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)
CVE-2024-53704: CVSS 8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
CVE-2024-53705: CVSS 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE-2024-53706: CVSS 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Sources

Official Manufacturer: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

Risks

SonicWall devices are widely deployed as perimeter security solutions. Their positioning at the network's edge and exposure to the internet make them prime targets for threat actors, who often scan for these exposed interfaces to exploit vulnerabilities or misconfigurations.

Exploiting vulnerabilities in SonicWall devices can provide threat actors with internal network access, positioning them to conduct follow-on attacks, including ransomware deployment. Reports indicate that ransomware groups, such as Akira and Fog, are actively exploiting previous SonicWall vulnerabilities.

Taken together, the vulnerabilities in this advisory have a high impact on confidentiality, integrity, and availability.

Update 2025-02-20: As of the 10th of February 2025, a proof-of-concept exploit has been published for CVE-2024-53704. On the 18th of February 2025, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalogue, highlighting once again that the existence of proof-of-concept code significantly increases the chances of exploitation. These developments make patching even more important.

Description

SonicWall has disclosed several vulnerabilities in SonicOS, which may expose systems to remote exploitation or privilege escalation:

  • CVE-2024-40762: A cryptographically weak pseudo-random number generator (PRNG) used in SSLVPN authentication could allow attackers to predict tokens and bypass authentication under certain circumstances.
  • CVE-2024-53704: An improper authentication flaw in the SSLVPN mechanism enables remote attackers to bypass authentication entirely.
  • CVE-2024-53705: A server-side request forgery (SSRF) issue in the SSH management interface allows attackers to create TCP connections to arbitrary IP addresses and ports if a user is logged into the firewall.
  • CVE-2024-53706: In Gen7 SonicOS Cloud NSv (AWS/Azure editions), a local privilege escalation vulnerability allows authenticated low-privileged users to gain root access, potentially leading to code execution.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Please patch to the following software versions:

Gen6 Hardware Firewalls >= 6.5.5.1-6n
Gen7 NSv >= 7.0.1-5165
Gen7 Firewalls >= 7.1.3-7015
TZ80 >= 8.0.0-8037
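
The following added example (not CCB or SonicWall code) checks an appliance inventory against the fixed versions listed above. The hostnames and reported firmware strings are constructed, and the ordering rule (dotted release first, then numeric build, trailing letter ignored) is an assumption about SonicOS version strings.

```python
import re

# Minimum fixed versions, copied from the "Patch" list in this advisory.
FIXED = {
    "Gen6 Hardware Firewalls": "6.5.5.1-6n",
    "Gen7 NSv": "7.0.1-5165",
    "Gen7 Firewalls": "7.1.3-7015",
    "TZ80": "8.0.0-8037",
}

_VERSION = re.compile(r"(\d+(?:\.\d+)+)-(\d+)[A-Za-z]*$")


def parse_version(text):
    """Return ((release numbers...), build), or None if the string does not parse.

    Assumption: versions order by dotted release, then numeric build; a trailing
    letter such as the 'n' in 6.5.5.1-6n is ignored for ordering.
    """
    m = _VERSION.search(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))


def patch_status(product, running):
    """'ok' if running >= fixed version, 'patch' if below, 'review' if unknown."""
    fixed = FIXED.get(product)
    have = parse_version(running)
    if fixed is None or have is None:
        return "review"  # unknown product line or unparseable string: check by hand
    return "ok" if have >= parse_version(fixed) else "patch"


# Constructed inventory rows: (hostname, product line, reported firmware string).
INVENTORY = [
    ("fw-edge-01", "Gen7 Firewalls", "SonicOS 7.1.3-7015"),
    ("fw-edge-02", "Gen7 Firewalls", "7.0.1-5161"),
    ("fw-branch-03", "Gen6 Hardware Firewalls", "6.5.4.15-116n"),
    ("nsv-cloud-04", "Gen7 NSv", "7.0.1-5165"),
    ("fw-lab-05", "TZ80", "unknown"),
]


def report(inventory=INVENTORY):
    """Map each hostname to its patch status."""
    return {host: patch_status(product, fw) for host, product, fw in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:14} {status}")
```

Anything reported as `review` falls outside the table or could not be parsed and should be checked manually rather than assumed safe.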

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Security Online: SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS

Arctic Wolf Labs: https://arcticwolf.com/resources/blog/arctic-wolf-labs-observes-increased-fog-and-akira-ransomware-activity-linked-to-sonicwall-ssl-vpn/

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog