SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access.
SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services, and crash devices. One vulnerability is rated high severity, two are medium.
Users are strongly urged to apply the fixes immediately to keep their systems protected.
The most severe vulnerability, tracked as CVE-2026-0204 (CVSS score of 8.0), is an improper access control issue in SonicOS.
“A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions,” reads the advisory.
The second issue addressed by the vendor, tracked as CVE-2026-0205 (CVSS score of 6.8), is a post-authentication path traversal flaw in SonicOS. An attacker can exploit the flaw to interact with services that are normally restricted.
The last issue fixed by SonicWall, tracked as CVE-2026-0206 (CVSS score of 6.8), is a post-authentication stack-based buffer overflow vulnerability in SonicOS.
“A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall,” reads the advisory.
The three flaws affect appliances running firmware up to 6.5.5.1-6n, 7.0.1-5169, 7.3.1-7013, and 8.1.0-8017. Versions 6.5.5.2-28n, 7.3.2-7010, and 8.2.0-8009 address the flaws.
The company recommends that customers update immediately or, until patching is possible, limit management to SSH by disabling HTTP/HTTPS management and SSLVPN on all interfaces.
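As an added example (not from SonicWall or the original article), the following Python script triages a firewall inventory against the fixed releases listed above. It assumes that any firmware below the fixed release for its generation needs the update, including the 7.0.1 branch, since the article lists only 7.3.2-7010 for Gen 7; the hostnames in the sample inventory are constructed.

```python
import re

# Fixed releases as listed in the article, keyed by SonicOS major version (generation).
FIXED = {6: "6.5.5.2-28n", 7: "7.3.2-7010", 8: "8.2.0-8009"}
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)-(\d+)")

def parse_version(text):
    """Return (release tuple padded to 4 parts, build number), or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))          # 7.3.2 -> (7, 3, 2, 0)
    return tuple(parts[:4]), int(m.group(2))

def needs_update(firmware):
    """True if below the fixed release (assumed rule), False if at/above, None if unknown."""
    parsed = parse_version(firmware)
    if parsed is None:
        return None
    fixed = FIXED.get(parsed[0][0])
    if fixed is None:
        return None                          # generation not covered by the article
    return parsed < parse_version(fixed)

def triage(inventory):
    """Split {hostname: firmware string} into update / ok / manual-review lists."""
    result = {"update": [], "ok": [], "review": []}
    for host, firmware in sorted(inventory.items()):
        verdict = needs_update(firmware)
        key = "review" if verdict is None else ("update" if verdict else "ok")
        result[key].append(host)
    return result

# Constructed sample inventory: hostnames are made up, versions are those named in the article.
SAMPLE = {
    "fw-branch-01": "SonicOS Enhanced 6.5.5.1-6n",
    "fw-branch-02": "6.5.5.2-28n",
    "fw-hq-01": "SonicOS 7.0.1-5169",
    "fw-hq-02": "7.3.1-7013",
    "fw-dc-01": "8.1.0-8017",
    "fw-dc-02": "8.2.0-8009",
    "fw-lab-01": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices that land in the review bucket have a firmware string the parser could not read or a generation the article does not cover, so they need a manual check against the vendor advisory.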
“Until the below patches can be applied and all affected versions are fixed, SonicWall PSIRT strongly recommends that administrators fully disable HTTP/HTTPS-based firewall management and SSLVPN on all interfaces, and restrict management access to SSH only,” concludes the advisory.
At this time, there is no evidence that the security flaws have been exploited in the wild.
Source: SecurityAffairs
Source Link: https://securityaffairs.com/191527/security/sonicwall-patches-three-sonicos-flaws-in-gen-6-7-and-8-firewalls-patch-them-now.html