- Security researchers are warning of a SonicWall flaw being actively exploited
- The bug was discovered in early January 2025, and subsequently fixed
- However not all users have applied the patch yet
Cybercriminals are actively abusing a vulnerability in SonicWall firewalls to gain access to target endpoints, tamper with the VPN, and more, cybersecurity researchers Arctic Wolf have revealed.
The vulnerability in question is an Improper Authentication bug in the SSLVPN authentication mechanism. It was discovered in early January 2025 and was given a severity score of 9.8/10 - critical. It is tracked as CVE-2024-53704 and impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035. SonicWall released versions SonicOS 8.0.0-8037 and later, 7.0.1-5165 and higher, 7.1.3-7015 and higher, and 6.5.5.1-6n and higher, to address the bug.
Soon after SonicWall released a fix, security outlet Bishop Fox came forward with a Proof-of-Concept (PoC) exploit to warn the security community, and SonicWall users, about potential attack avenues. Consequently, it also gave cybercriminals ideas on how to exploit the flaw and expectedly, it has happened.
Exploitation attempts
"Shortly after the proof-of-concept was made public, Arctic Wolf began observing exploitation attempts of this vulnerability in the threat landscape," the company said in its security advisory.
The researchers explained that in the exploit, the target endpoint incorrectly validates a malicious session attempt. As a result, the target is logged out, while the attacker gets access to the session, including the ability to read the victim’s Virtual Office bookmarks, access VPN client configuration settings, open a VPN tunnel, and more.
"With that, we were able to identify the username and domain of the hijacked session, along with private routes the user was able to access through the SSL VPN," the researchers said.
Even though a patch is available for more than a month now, there are still thousands of vulnerable endpoints out there.
Via The Register
You might also like
- SonicWall tells admins to patch worrying SSLVPN flaw immediately
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
