Product Notice: SSLVPN and SSH Vulnerability in SonicOS

First Published:01/07/2025

Last Updated:01/07/2025

Overview

There are vulnerabilities reported on the SonicWall firewall running the latest SonicOS code posted on MSW in case features like SSLVPN and SSH management are being enabled on the firewall.

This issue affects SonicWall Gen 6 devices, Gen 7 devices and TZ80 series.

CVE-2024-40762 - SonicOS SSLVPN Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.
CVSS Score: 7.1
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2024-53704 - SonicOS SSLVPN Authentication Bypass Vulnerability
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVSS Score: 8.2
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE-287: Improper Authentication
CVE-2024-53705 - SonicOS SSH Management Server-Side Request Forgery Vulnerability
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
CVSS Score: 6.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-53706 - Gen7 SonicOS Cloud NSv SSH Config Function Local Privilege Escalation Vulnerability
A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to root and potentially lead to code execution.
CVSS Score: 7.8
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-269 - Improper Privilege Management

There is no evidence that these vulnerabilities are being exploited in the wild and SonicWall SSL VPN SMA100 and SMA1000 series products are not affected by the vulnerabilities.

SonicWall strongly advises users of the SonicWall Firewall products to upgrade to the mentioned fixed release version to address these vulnerabilities.
Please apply the patch as soon as possible for affected products. The latest patch builds are available for download on mysonicwall.com.

Product Impact

Please review the table below to see if your firewall appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.

Gen	Impacted Models	Impacted Version
Gen 6/6.5	SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W	SonicOS 6.5.4.15-117n and earlier versions
Gen 7	TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870	SonicOS 7.1.2-7019 and all earlier versions
SOHO	TZ80	SonicOS 8.0.0-8035 and earlier versions

Workaround

Apply the patch as soon as possible for impacted products, latest patch builds are available for download on mysonicwall.com.

To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: How can I setup SSL-VPN?

To minimize the potential impact of an SSH vulnerability, we recommend restricting firewall management to trusted sources or disabling firewall SSH management from Internet access. For more information about disabling firewall SSH management access, see: how-can-i-restrict-SonicOS-admin-access.

If you have any further questions on restricting/disabling WAN management or SSLVPN access or require additional information, please contact SonicWall Technical Support.

Remediation

Users will need to upgrade their impacted models to the versions mentioned in the table below if they are running SonicOS version which is impacted by this vulnerability.

Gen	Fixed Models	Fixed Version
Gen 6	SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W	SonicOS 6.5.5.1-6n and higher
Gen 7	TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870	SonicOS 7.0.1-5165 SonicOS 7.1.3-7015 and higher
SOHO	TZ80	SonicOS 8.0.0-8037 and higher

Medium Severity Vulnerabilities:

There are few additional vulnerabilities reported on Firewall products. However, they are medium to low severity. Details with remediation can be found in the PSIRT advisories below:

Related information

PSIRT ADVISORY SNWLID-2025-0003
How can I upgrade SonicOS on Gen7 Firewalls?
SonicOS 7.1.1 FAQ

Previous Notice

Product Notice: Improper Access Control Vulnerability in SonicOS