- Bishop Fox has found a way to exploit a SonicWall VPN flaw
- It allows attackers to bypass authentication and hijack sessions
- There are thousands of vulnerable endpoints
A major vulnerability in the SonicWall VPN, which can be used to hijack sessions and gain access to the target network, now has its first proof-of-concept (PoC) exploit, which means it is only a matter of time before cybercriminals start exploiting it in the wild.
In early January 2025, SonicWall raised the alarm about a vulnerability in SonicOS and urged its users to apply the fix immediately. The flaw is tracked as CVE-2024-53704 and is described as an improper authentication bug in the SSLVPN authentication mechanism. It received a severity score of 9.8/10 (critical) and was said to be exploitable by a remote attacker to bypass authentication.
It affected SonicOS 7.1.x versions (up to 7.1.1-7058), 7.1.2-7019 and 8.0.0-8035. SonicWall released SonicOS versions 8.0.0-8037 and later, 7.0.1-5165 and later, 7.1.3-7015 and later, and 6.5.5.1-6n and later to address the bug. At the time, there were more than 4,500 endpoints exposed to the internet.
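The version list above is the kind of thing a defender has to check against an inventory of appliances, and SonicOS version strings (release dotted numbers plus a build number, occasionally with a letter suffix) do not compare correctly as plain strings. The following is an added example written for this article, not code from SonicWall or Bishop Fox: it parses SonicOS version strings, keeps the fixed releases named in the article as the minimum per branch, and classifies each device as patched, needing an update, or on a branch the article does not mention. The sample inventory is constructed; the rule that a release earlier than the listed fix for its branch needs updating is an assumption drawn from the "and later" wording of the article.

```python
import re
from typing import NamedTuple

# Fixed releases named in the article ("... and later" for each branch).
FIXED_RELEASES = ["8.0.0-8037", "7.0.1-5165", "7.1.3-7015", "6.5.5.1-6n"]

# Dotted release, a dash, a numeric build, and an optional letter suffix (e.g. "6n").
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)([A-Za-z]*)$")


class SonicOSVersion(NamedTuple):
    release: tuple   # e.g. (7, 1, 1) for "7.1.1-7058"
    build: int       # e.g. 7058
    suffix: str      # e.g. "n" for build "6n", "" when absent

    @property
    def branch(self):
        # Assumption: the first two release components identify a fix branch.
        return self.release[:2]


def parse_version(text):
    """Parse a SonicOS version string into a comparable tuple; raise on garbage."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return SonicOSVersion(release, int(m.group(2)), m.group(3))


# Minimum fixed version per branch, e.g. (7, 1) -> 7.1.3-7015.
FIXED_BY_BRANCH = {v.branch: v for v in map(parse_version, FIXED_RELEASES)}


def assess(text):
    """Return 'patched', 'needs update' or 'unknown' for one version string."""
    version = parse_version(text)
    fixed = FIXED_BY_BRANCH.get(version.branch)
    if fixed is None:
        return "unknown"          # branch not covered by the article's fix list
    # Tuple comparison is elementwise: release numbers, then build, then suffix.
    return "patched" if version >= fixed else "needs update"


def triage(inventory):
    """Map each (hostname, version) pair to its assessment; tolerate bad strings."""
    result = {}
    for host, version_text in inventory:
        try:
            result[host] = assess(version_text)
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("fw-hq-01", "7.1.1-7058"),    # last affected 7.1.1 build per the article
    ("fw-hq-02", "7.1.3-7015"),    # first fixed 7.1 build
    ("fw-branch", "8.0.0-8035"),   # affected 8.0 build
    ("fw-lab", "6.5.5.1-7"),       # later than 6.5.5.1-6n
    ("fw-legacy", "5.9.0-1"),      # branch the article does not mention
    ("fw-typo", "7.1"),            # not a full version string
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {verdict}")
```

Anything reported as "needs update" or "unknown" should be cross-checked against the vendor advisory rather than treated as a final verdict; the branch table only reflects the four fixed releases this article lists.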
Proof of concept
Now that SonicWall users have had enough time to patch, Bishop Fox security researchers have released further details on the vulnerability, along with a PoC. After a "significant" reverse-engineering effort, Bishop Fox said the vulnerability could be exploited by sending a crafted session cookie containing a base64-encoded string to the SSLVPN authentication endpoint.
The endpoint then assumes the request belongs to an active VPN session and validates it incorrectly. As a result, the target user is disconnected while the attacker gains access to the session, including the ability to read the victim's virtual desktops, access the VPN client's configuration settings, open a VPN tunnel, and more.
"With this, we were able to identify the username and the hijacked session's domain, as well as the private routes the user was able to access via the SSL VPN," the researchers said.
Via BleepingComputer