CyberSecurity news
FlagThis
@gbhackers.com - 17d
SonicWall firewalls are facing a critical threat due to a high-severity authentication bypass vulnerability, identified as CVE-2024-53704. This flaw allows attackers to hijack active SSL VPN sessions, potentially granting them unauthorized access to networks. Bishop Fox researchers discovered nearly 4,500 internet-exposed SonicWall firewalls at risk, highlighting the widespread nature of the vulnerability. The affected SonicOS versions include 7.1.x, 7.1.2-7019, and 8.0.0-8035, which are used in various Gen firewalls.
A proof-of-concept exploit has been released for CVE-2024-53704, increasing the urgency for organizations to apply the necessary patches. The exploit involves sending a specially crafted session cookie to the SSL VPN endpoint, bypassing authentication mechanisms, including multi-factor authentication. By exploiting this vulnerability, attackers can access sensitive internal resources, Virtual Office bookmarks, and VPN client configurations, establishing new VPN tunnels into private networks. SonicWall has urged organizations to immediately apply patches to mitigate the vulnerability.
ImgSrc: blogger.googleu
References :
A proof-of-concept exploit has been released for CVE-2024-53704, increasing the urgency for organizations to apply the necessary patches. The exploit involves sending a specially crafted session cookie to the SSL VPN endpoint, bypassing authentication mechanisms, including multi-factor authentication. By exploiting this vulnerability, attackers can access sensitive internal resources, Virtual Office bookmarks, and VPN client configurations, establishing new VPN tunnels into private networks. SonicWall has urged organizations to immediately apply patches to mitigate the vulnerability.
ImgSrc: blogger.googleu
Share:
References :
- gbhackers.com: SonicWall firewalls running specific versions of SonicOS are vulnerable to a critical authentication bypass flaw, tracked as CVE-2024-53704, which allows attackers to hijack active SSL VPN sessions. This vulnerability has been classified as high-risk, with a CVSS score of 8.2.
- MSSP feed for Latest: Nearly 4,500 internet-exposed SonicWall firewalls were discovered by Bishop Fox researchers to be at risk of having their VPN sessions taken over in attacks exploiting a recently patched high-severity authentication bypass flaw within the SonicOS SSLVPN application, tracked as CVE-2024-53704, according to BleepingComputer.
- cyberpress.org: A critical security flaw, CVE-2024-53704, has been identified in SonicWall’s SonicOS SSLVPN application, enabling remote attackers to bypass authentication and hijack active SSL VPN sessions.
- securityaffairs.com: Detailed findings and mitigation strategies related to the SonicWall firewall bug.
- Cyber Security News: SonicWall Firewalls Exploit Let Attackers Remotely Hack Networks Via SSL VPN Sessions Hijack
- gbhackers.com: SonicWall Firewalls Exploit Hijack SSL VPN Sessions to Gain Networks Access
- www.bleepingcomputer.com: SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
- arcticwolf.com: Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)
- Arctic Wolf: Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)
- arcticwolf.com: On February 10, 2025, Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass vulnerability caused by a flaw in the SSLVPN authentication mechanism in SonicOS, the operating system used by SonicWall firewalls. Shortly after the PoC was made public, Arctic Wolf began observing exploitation attempts of this vulnerability
- Arctic Wolf: Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)
- The Register - Security: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
- bishopfox.com: https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking
- Christoffer S.: Arctic Wolf: Published a blog about observing active exploitation of SonicWALL vulnerability, which Bishop Fox published a PoC for on Feb 10. Unfortunately NO indicators or otherwise actionable intelligence provided beyond active exploitation.
- BleepingComputer: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- heise online English: Patch Sonicwall now! Attackers bypass authentication of firewalls Attacks are currently taking place on Sonicwall firewalls. Security updates are available for download.
- www.bleepingcomputer.com: BleepingComputer reports on attackers exploiting a SonicWall firewall vulnerability after the release of PoC exploit code.
- Anonymous ???????? :af:: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- www.heise.de: Heise Online article urging users to patch their SonicWall devices.
- www.bleepingcomputer.com: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- securityonline.info: SonicWall Firewalls Under Attack: CVE-2024-53704 Exploited in the Wild, PoC Released
Classification:
- HashTags: #SonicWall #VPNHijacking #CVE-2024-53704
- Company: SonicWall
- Target: SonicWall firewalls
- Product: SonicOS
- Feature: SSL VPN
- Malware: CVE-2024-53704
- Type: Vulnerability
- Severity: High