Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now

SonicWall
A VPN runs on a mobile phone placed on a laptop keyboard.
  • Bishop Fox found a way to abuse a SonicWall VPN flaw
  • It allows threat actors to bypass authentication and hijack sessions
  • There are thousands of vulnerable endpoints

A major vulnerability in the SonicWall VPN which can be exploited to hijack sessions and access the target network has now seen its first proof-of-concept (PoC) attack, meaning it’s only a matter of time before cybercriminals start exploiting it in the wild.

In early January 2025, SonicWall raised the alarm on a vulnerability in SonicOS and urged its users to apply the fix immediately. The flaw is tracked as CVE-2024-53704, and described as an Improper Authentication bug in the SSLVPN authentication mechanism. It was given a severity score of 9.8/10 (critical) and was said it could be abused to allow a remote attacker to bypass authentication.

It impacted SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035. SonicWall released versions SonicOS 8.0.0-8037 and later, 7.0.1-5165 and higher, 7.1.3-7015 and higher, and 6.5.5.1-6n and higher, to address the bug. At the time, there were more than 4,500 internet-exposed endpoints.

Proof of Concept

Now, since SonicWall users were given enough time to patch, security researchers from Bishop Fox came forward with more details about the vulnerability, as well as a PoC. After a “significant” reverse-engineering effort, Bishop Fox said the vulnerability could be exploited by sending a custom-built session cookie containing a base64-encoded string of null bytes to the SSLVPN authentication endpoint.

This results in the endpoint assuming the request was associated with an active VPN session and incorrectly validates it. As a result, the target is logged out, while the attacker gets access to the session, including the ability to read the victim’s Virtual Office bookmarks, access VPN client configuration settings, open a VPN tunnel, and more.

"With that, we were able to identify the username and domain of the hijacked session, along with private routes the user was able to access through the SSL VPN," the researchers said.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
80 Times Clueless Older People On Social Media Cracked People Up
From (very) misplaced poop emojis to bizarre death announcements, our grannies and grandpas are doing the most on social media. The post 80 Times Clueless Older People On Social Media Cracked People Up first appeared on Bored Panda.
Bored Panda
Bored Panda
One A-lister has opened up about her regret turning down the lead role in 'The Devil Wears Prada'
One A-lister has opened up about her regret turning down the lead role in 'The Devil Wears Prada'
Marie Claire
Marie Claire
Kid Rock reportedly splits from fiancée after being seen with Lauren Boebert
The MAGA musician and Audrey Berry had been engaged since 2017
The Independent UK
The Independent UK
Identity of Dave Grohl's love child's mother revealed after months of secrecy
The Foo Fighters frontman, 56, revealed in September that he had fathered a baby with another woman
Evening Standard
Evening Standard
Simpsons star ‘vindicated’ more than 30 years after making cameo
New York Yankees players will no longer be told to ‘get rid of those sideburns’
The Independent UK
The Independent UK
Where to watch The Simpsons: stream old episodes of the classic animation and watch new ones on TV
All 36 seasons and counting
WhatToWatch
WhatToWatch
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play