- Gen6 Hardware Firewalls versions prior to 6.5.5.1-6n
- Gen7 Firewalls versions prior to 7.1.3-7015
- Gen7 NSv versions prior to 7.0.1-5165
- TZ80 versions prior to 8.0.0-8037
- Large and medium government entities: High
- Small government entities: Medium
- Large and medium business entities: High
- Small business entities: Medium
- An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. (CVE-2024-53704)
- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. (CVE-2024-40762)
- A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. (CVE-2024-53705)
- A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. (CVE-2024-53706)
- Apply appropriate updates provided by SoincWall to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets: Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
- Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc. (M1035: Limit Access to Resource Over Network)
- Use intrusion detection signatures to block traffic at network boundaries. (M1031: Network Intrusion Prevention)
- Safeguard 13.3: Deploy a Network Intrusion Detection Solution: Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.
- Safeguard 13.8: Deploy a Network Intrusion Prevention Solution: Deploy a network intrusion prevention solution, where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 13.10: Performing Application Layer Filtering: Perform application layer filtering. Example implementations include a filtering proxy, application layer firewall, or gateway.
REFERENCES:
SonicWall: https://psirt.global.<wbr />sonicwall.com/vuln-detail/<wbr />SNWLID-2025-0003 CVE: https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2024-<wbr />40762 https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2024-<wbr />53704 https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2024-<wbr />53705 https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2024-<wbr />53706
