Numerous SonicWall Firewalls Still Susceptible to Cyber Assault
In a recent development, security researchers at Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls. This vulnerability, if left unaddressed, could potentially allow attackers to hijack active SSL VPN client sessions, access private networks, and even log out users, terminating their connections.
The affected SonicOS versions for SonicWall devices that were not updated before February 10, 2025, are versions earlier than SonicOS 7.0 MR6. SonicOS versions 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035 are also affected by this vulnerability.
SonicWall, in response to this discovery, released patches on January 7, 2025. For Gen 7 firewalls, the recommended patched firmware is SonicOS 7.1.3-7015 and higher. For TZ80 devices, SonicOS 8.0.0-8037 or higher is the recommended patched firmware.
It's important to note that the attack can be performed remotely, without authentication. An attacker with control of an active SSL VPN session can read the user's Virtual Office bookmarks, obtain a client configuration profile for NetExtender, and even open a VPN tunnel.
To mitigate the risks associated with this vulnerability, Bishop Fox recommends either patching the affected devices or implementing remediation measures. If patching is not possible, disabling SSL VPN or limiting SSL VPN Connections is recommended.
Bishop Fox's responsible disclosure policy is to disclose details publicly 90 days from the date of vendor notification. To allow for a complete one-month patch cycle by affected customers, Bishop Fox plans to release details of this exploit code on February 10th, 2025.
As of now, more than 5,000 affected SonicWall devices remain accessible on the internet. It is crucial for SonicWall users to update their devices to the recommended patched firmware to protect their networks from potential attacks.
Stay vigilant and keep your systems updated!
