High Threat Security Alert (A26-05-37): Vulnerability in SonicWall Products

Description:

SonicWall released security advisories to address a vulnerability in SonicWall systems. An attacker could exploit this vulnerability by sending specially crafted requests to an affected system.

Reports indicated that the security restriction bypass vulnerability (CVE-2024-12802) in SonicWall products is actively exploited. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• SonicWall Gen6 NSv running SonicOS versions prior to 6.5.4.4-44v-21-2457
• SonicWall Gen6 Firewalls running SonicOS versions prior to 6.5.4.15-117n
• SonicWall Gen7 NSv running SonicOS versions prior to 7.0.1-5161, 7.1.1-7058, 7.1.2-7019
• SonicWall Gen7 Firewalls running SonicOS versions prior to 77.0.1-5161, 7.1.1-7058, 7.1.2-7019
• SonicWall TZ80 running SonicOS versions prior to 8.0.0-8035
• SonicWall SMA100 versions prior to 10.2.1.13-72sv

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

Impact:

Successful exploitation of the vulnerability could lead to security restriction bypass on an affected system.

Recommendation:

Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

More Information:

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12802