
SANS Stormcast Highlights Critical Security Flaws in SonicWall Firewalls, libssh2, and FFmpeg
The June 24, 2026, SANS Internet Storm Center Stormcast covered two major security issues: compromised SonicWall firewalls and critical vulnerabilities in widely used libraries. Manuel analyzed SonicWall firewalls that had been patched for 2024 credential-theft vulnerabilities, finding that 86% failed to reconcile credentials with Active Directory and 80% did not rotate passwords, leaving legacy or attacker-created accounts active. Additionally, 36% did not terminate stale VPN sessions, and 43% neglected post-patch log reviews for indicators of compromise.

The episode also highlighted a heap-based buffer overflow in libssh2 (CVE likely) that enables remote code execution before authentication, via a malicious SSH server or a man-in-the-middle attack; patches are available. Another critical flaw affects FFmpeg: a heap out-of-bounds write in the MagicYUV decoder, which risks remote code execution in any software using the library, including video players and server-side conversion tools. The host noted that most users rely on precompiled FFmpeg packages with vulnerable decoders enabled by default.

The podcast concluded by announcing a travel-related hiatus, with episodes resuming the following Monday.