SonicWall’s Firewall Fiasco: Urgent Patches Needed to Prevent Security Meltdown

SonicWall announced patches for firewalls to fix high-severity vulnerabilities, including an authentication bypass. Users should update to SonicOS versions 7.1.3-7015 and 8.0.0-8037 to stay secure. While no exploits have been detected in the wild, updating promptly is advised. It’s not uncommon for threat actors to exploit vulnerabilities in SonicWall products.

3P
Published: January 9, 2025 12:44 pmAdded: January 9, 2025 at 5:05 amAssembled by: The Editor
Pro Dashboard

Hot Take:

SonicWall’s recent patch party is a stark reminder that even our firewalls need a little TLC now and then. Who knew that a weak pseudo-random number generator could lead to such a predictable disaster? Time to update those firewalls, folks, because nothing says ‘You’re welcome, hackers!’ like leaving the front door wide open.

Key Points:

  • SonicWall has patched several vulnerabilities in its firewalls, including two high-severity authentication bypass flaws.
  • CVE-2024-40762 is due to a weak pseudo-random number generator in SonicOS, while CVE-2024-53704 involves improper authentication in the SSLVPN mechanism.
  • Users are urged to update to SonicOS versions 7.1.3-7015 and 8.0.0-8037 to address these vulnerabilities.
  • Additional patches include fixes for privilege escalation, server-side request forgery, and other medium-severity vulnerabilities.
  • SonicWall advises limiting SSL-VPN access to trusted sources or disabling it entirely to mitigate risks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?