-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #906 from DIVD-NL/sT0wn-nl-patch-3-2
Create DIVD-2025-00002.md
- Loading branch information
Showing
1 changed file
with
54 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| --- | ||
| layout: case | ||
| title: "Authentication bypass in SonicWall SSL-VPN service" | ||
| author: Alwin Warringa | ||
| lead: Alwin Warringa | ||
| excerpt: "SonicWall has identified an Improper Authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication, posing a serious threat by allowing attackers access to private networks" | ||
| researchers: | ||
| - Alwin Warringa | ||
| - Thijs Alkemade (Computest) | ||
| cves: | ||
| - CVE-2024-53704 | ||
| - CVE-2024-40762 | ||
| product: | ||
| - SonicWall SonicOS | ||
| versions: | ||
| - 7.1.x (7.1.1-7058 and older versions) for Gen7 firewalls | ||
| - 7.1.2-7019 for Gen7 firewalls | ||
| - 8.0.0-8035 for TZ80 firewalls | ||
| recommendation: "Apply the patch as soon as possible for impacted products" | ||
| workaround: "To mitigate the risk posed by these vulnerabilities, users should ensure that access to the SSL-VPN firewalls is limited to trusted sources, or to disable SSL-VPN access from the internet entirely" | ||
| patch_status: Patch available | ||
| status : Open | ||
| start: 2025-01-09 | ||
| timeline: | ||
| - start: 2025-01-09 | ||
| end: | ||
| event: "DIVD starts researching the vulnerability." | ||
| - start: 2025-01-09 | ||
| end: | ||
| event: "DIVD finds fingerprint, preparing to scan." | ||
| - start: 2025-01-09 | ||
| end: | ||
| event: "Case opened and starting first scan." | ||
| - start: 2025-01-10 | ||
| end: | ||
| event: "DIVD starts notifying network owners with a vulnerable devices in their network." | ||
| --- | ||
|
|
||
| ## Summary | ||
| On 7 January 2025, SonicWall released patches for multiple vulnerabilities in Gen6 and Gen7 firewalls. The patched vulnerabilities include two vulnerabilities in the SSLVPN functionality that made it possible to take over established SSLVPN sessions, thereby gaining access to the internal network (CVE-2024-53704 and CVE-2024-40762). While SonicWall has not yet observed that these vulnerabilities are being exploited in the wild, they do describe them as at imminent risk of exploitation. | ||
|
|
||
| ## Recommendations | ||
| To remediate {% cve CVE-2024-53704 %}, apply the patch as soon as possible for impacted products, latest patch builds are available for download on [mysonicwall.com](https://mysonicwall.com). | ||
|
|
||
| ## What we are doing | ||
| DIVD is currently working to identify parties that are running a vulnerable version of SonicWall SSL-VPN service and to notify these parties. | ||
|
|
||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
|
|
||
| * {% cve CVE-2024-53704 %} | ||
| * {% cve CVE-2024-40762 %} | ||
| * [SonicWall Security Bulletin](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003) |