SonicWall Patches Authentication Bypass Vulnerabilities in Firewalls

Summary: SonicWall has released patches for multiple vulnerabilities in its firewalls, including two high-severity authentication bypass flaws. Users are urged to update their systems to mitigate potential exploitation risks.

Threat Actor: Unknown | unknown
Victim: SonicWall Users | SonicWall Users

Key Point :

Two high-severity vulnerabilities (CVE-2024-40762 and CVE-2024-53704) allow for authentication bypass.
Users are advised to update to SonicOS versions 7.1.3-7015 and 8.0.0-8037 for fixes.
Additional vulnerabilities, including a privilege escalation bug (CVE-2024-53706), have also been patched.
Recommendations include limiting SSL-VPN access to trusted sources and modifying LDAP schema settings to prevent MFA bypass.
SonicWall reports no evidence of exploitation in the wild but emphasizes the importance of timely updates.

Source: https://www.securityweek.com/sonicwall-patches-authentication-bypass-vulnerabilities-in-firewalls/

Tags: CLOUD, VPN, EXPLOIT, PRIVILEGE, CVE, FIREWALL