- Security researchers warn a Sonicwall defect being actively exploited
- The bug was discovered in early January 2025, then corrected
- However, not all users have yet applied the fix
Cybercriminals actively abuse vulnerability in Sonic firewalls
The vulnerability in question is an inappropriate authentication bug in the SSLVPN authentication mechanism. It was discovered in early January 2025 and received a gravity score of 9.8 / 10 – critic. It is followed under the name of CVE-2024-53704 and has an impact on the Sonicos 7.1.X versions (up to 7.1.1-7058), 7.1.2-7019 and 8.0.0-8035. Sonicwall published the Sonicos versions 8.0.0-8037 and later, 7.0.1-5165 and more, 7.1.3-7015 and more, and 6.5.5.1-6n and more, to approach the bug.
Shortly after Sonicwall published a correction, the Fox security bishop presented a concept of concept (POC) to warn the security community, and Sonicwall users, on potential attack avenues. Therefore, this has also given cybercriminal ideas on how to exploit the defect and foresee, this happened.
Exploitation attempts
“Shortly after proof of concept was made public, the Arctic Wolf began to observe the attempts to exploit this vulnerability in the landscape of threats,” said the company in its security notice.
The researchers explained that in the feat, the target final point incorrectly validates an attempt at malicious session. Consequently, the target is disconnected, while the attacker has access to the session, including the possibility of reading the virtual desktops of the victim, access to the configuration parameters of the VPN client, to open a tunnel VPN, etc.
“With this, we were able to identify the username and the diverse session area, as well as private routes to which the user was able to access via the SSL VPN,” said the researchers.
Even if a patch has been available for more than a month now, there are still thousands of vulnerable ending points.
Via The register
