The bug, tracked as CVE-2024-53704, has been patched in a firmware upgrade available since Jan. 7, which also sealed other, less-critical vulnerabilities.
Remote unauthorized access
SonicWall’s network security appliances use the SonicOS SSLVPN to enable secure remote access to internal network resources over the internet.
With a CVSS score of 8.2/10, the vulnerability impacts a number of Gen6 and Gen7 firewalls. The fixed versions include SonicOS 6.5.5.1-6n or newer for hardware firewalls, SonicOS 6.5.4.v-21s-RC2457 or newer for NSv firewalls, and SonicOS 7.0.1-5165 or newer for Gen 7 firewalls.