Concise Cyber

SonicWall Releases Patches for High-Severity Firewall and Email Security Vulnerabilities

Cybersecurity firm SonicWall has issued security updates to address several high-severity vulnerabilities discovered in its Gen 7 series firewalls and its Email Security (ES) appliance. The company’s advisory confirmed that there is no evidence of these flaws being exploited in the wild.

The patches address a total of three vulnerabilities, impacting separate product lines. SonicWall has urged its customers to apply the necessary updates to mitigate any risks associated with these security issues.

Vulnerabilities in Gen 7 Firewalls

Two vulnerabilities were addressed in SonicWall’s Gen 7 firewalls running specific versions of SonicOS. The first, tracked as CVE-2024-22385, is a denial-of-service (DoS) vulnerability with a CVSS score of 7.5. The second, identified as CVE-2024-22384, is a cross-site scripting (XSS) flaw with a CVSS score of 7.1. Both vulnerabilities affect SonicOS version 7.1.1-7076 and earlier. SonicWall has released SonicOS version 7.1.1-7077 to remediate these issues.

Email Security Appliance Flaw Patched

A high-severity improper access control vulnerability, tracked as CVE-2023-34134, was patched in the SonicWall Email Security (ES) appliance. This flaw has a CVSS score of 8.8. According to the advisory, this vulnerability allowed an authenticated attacker to create a new administrative account by sending a specially crafted HTTP request. This issue was discovered and reported by researcher Michael Yuen. The vulnerability affected ES versions 10.0.9.x, and the patch has been made available in version 10.0.10.

Source: https://www.securityweek.com/sonicwall-patches-high-severity-flaws-in-firewalls-email-security-appliance/