SonicWall cautions about exploitable SonicOS vulnerability – Source: securityaffairs.com

SonicWall, a prominent cybersecurity company, has recently issued a warning to its customers regarding a critical authentication bypass vulnerability present in its firewall’s SonicOS. The vulnerability, officially recognized as CVE-2024-53704 and assigned a CVSS score of 8.2, specifically affects the SSL VPN and SSH management features of the firewall.

In a proactive move to address the security flaw, SonicWall has urged all users to immediately update their SonicOS firmware to the latest version. The company emphasized the urgency of this action by stating that the vulnerability is “susceptible to actual exploitation.” A notification sent out to customers highlighted the high risk posed by the vulnerability and recommended the firmware upgrade as the primary mitigation measure.

The official advisory from SonicWall outlined the specific firmware versions that address the vulnerability for different generations of their hardware firewalls. For Gen 6 and 6.5 hardware firewalls, users are advised to install SonicOS 6.5.5.1-6n or newer. Similarly, Gen 6 and 6.5 NSv firewalls should be updated to SonicOS 6.5.4.v-21s-RC2457 or newer. For Gen 7 firewalls, SonicOS 7.0.1-5165 or newer versions are recommended. TZ80 firewall users are urged to upgrade to SonicOS 8.0.0-8037 or newer.

In addition to the firmware update, SonicWall also provided specific mitigation measures to reduce the potential impact of the SSL VPN and SSH vulnerabilities. Users are advised to limit access to trusted sources or consider disabling SSLVPN access from the Internet. Similar recommendations are made for SSH vulnerabilities, where restricting firewall management to trusted sources or disabling firewall SSH management from Internet access is suggested.
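
The fixed builds and access restrictions described above can be checked against a device inventory. The following Python is an added example, not code from SonicWall or the original article. The inventory format, the platform labels, the `sslvpn_wan` and `ssh_mgmt_wan` flags, and the numeric ordering of version strings are assumptions of this example.

```python
import re

# Fixed builds as listed in the article; platform keys are labels made up here.
FIXED = {
    "gen6": "6.5.5.1-6n",
    "gen6-nsv": "6.5.4.v-21s-RC2457",
    "gen7": "7.0.1-5165",
    "tz80": "8.0.0-8037",
}

def parse(version):
    """Split 'release-build' into two integer tuples (ordering is an assumption)."""
    release, _, build = version.partition("-")
    rel = tuple(int(n) for n in re.findall(r"\d+", release))
    if not rel:
        raise ValueError(f"unparseable SonicOS version: {version!r}")
    return rel, tuple(int(n) for n in re.findall(r"\d+", build))

def assess(device):
    """Return actions the article implies for an unpatched device; [] means none."""
    fixed = FIXED.get(device["platform"])
    if fixed is None:
        return ["unknown platform: check the vendor advisory"]
    try:
        rel, build = parse(device["firmware"])
    except ValueError:
        return ["firmware string unreadable: verify on the device"]
    fixed_rel, fixed_build = parse(fixed)
    if rel > fixed_rel:
        # One fixed build per platform is listed, so a later branch is not judged here.
        return ["different release branch: confirm against the vendor advisory"]
    if (rel, build) >= (fixed_rel, fixed_build):
        return []
    actions = [f"upgrade to SonicOS {fixed} or newer"]
    if device.get("sslvpn_wan"):
        actions.append("limit SSL VPN to trusted sources or disable it from the Internet")
    if device.get("ssh_mgmt_wan"):
        actions.append("restrict SSH management to trusted sources or disable it from the Internet")
    return actions

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"name": "fw-branch-01", "platform": "gen7", "firmware": "7.0.1-5161", "sslvpn_wan": True},
    {"name": "fw-hq-01", "platform": "gen7", "firmware": "7.0.1-5165"},
    {"name": "fw-lab-01", "platform": "gen6-nsv", "firmware": "6.5.4.v-21s-RC2400", "ssh_mgmt_wan": True},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], assess(dev) or ["no action from this article"])
```

A device on a release branch later than the one the article lists is reported for manual confirmation instead of being treated as patched.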

The company’s proactive approach in notifying customers about the critical vulnerability and providing detailed guidance on mitigation measures demonstrates their commitment to ensuring the security and integrity of their products. By encouraging customers to upgrade to the latest firmware and follow best practices in access control, SonicWall aims to minimize the risk of exploitation and strengthen overall cybersecurity posture.

Overall, the swift response from SonicWall underscores the importance of regular software updates and proactive security measures in safeguarding against potential threats and vulnerabilities. With cybersecurity threats evolving constantly, staying vigilant and proactive in addressing security vulnerabilities is paramount for organizations and individuals alike. SonicWall’s timely notification and clear guidance serve as a valuable reminder of the critical role that proactive security measures play in today’s rapidly evolving threat landscape.
