-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
SonicOS SSL-VPN Improper authentication
First Published:02/06/2024
Last Updated:02/08/2024
- CVE IDs - CVE-2024-22394
- CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
- Affected Products: SonicWall Gen7 firewalls running SonicOS 7.1.1-7040 Image
Description of vulnerability:
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication (SNWLID-2024-0003).
This issue affects only Gen7 SonicWall firewall running OS/firmware version SonicOS 7.1.1-7040.
IMPORTANT: This vulnerability has no impact on any other products or SonicOS versions other than the one mentioned in this article. Additionally, SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.
Product Impact
Please review the table below to see if your firewall appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.
Impacted Platforms | Impacted Version |
Gen7 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, | 7.1.1-7040 |
Remediation
The vulnerability has been patched, users of older versions of SonicWall firmware should upgrade to below mentioned latest version immediately.
Impacted Platforms | Fixed Version |
Gen7-TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, | 7.1.1-7047 (R5557) and higher versions |
TIP: For assistance with firmware auto upgrade please follow:Firmware Auto Update Feature in Firmware 7.1.1
When we were first notified of it: First noticed by researcher and PSIRT received the report on 5th Feb 2024.
Has it been exploited in the wild: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public, and malicious use of this vulnerability have not been reported to SonicWall.
Related information
Follow Us
© 2024 SonicWall. All Rights Reserved.