- Security researchers warn that a Sonicwall error is actively exploited
- The error was discovered in early January 2025 and subsequently got established
- However, not all users have applied the patch yet
Cyber criminals actively abuse a vulnerability in Sonicwall -Firewalls to gain access to measuring endpoint, manipulate VPN and more, cybersecurity scientists Arctic Wolf revealed.
The vulnerability in question is an incorrect approval error in the SSLVPN approval mechanism. It was discovered in early January 2025 and got a severity of 9.8/10 – critical. It is tracked as CVE-2024-53704 and affects Sonicos versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019 and 8.0.0-8035. Sonicwall released versions Sonicos 8.0.0-8037 and later 7.0.1-5165 and higher, 7.1.3-7015 and higher and 6.5.5.1-6N and higher to tackle the error.
Shortly after Sonicwall released a solution, security exit bishop Fox emerged with a proof-of-concept (POC) utilization to warn the security community and Sonicwall users on potential attacking options. Therefore, it also provided cyber criminal ideas on how to exploit the error and are expected to be expected.
Exploitation attempts
“Shortly after Proof-of-Concept was published, Arctic Wolf began observing exploitation attempts on this vulnerability in the pacifier landscape,” the company said in its security advice.
The researchers explained that the target’s endpoint in exploitation is wrongly validating a malicious session attempt. As a result, the target is logged out while the striker is given access to the session, including the opportunity to read the victim’s virtual office bookmarks, Access VPN client configuration settings, open a VPN tunnel and more.
“With that, we were able to identify the username and domain of the hijacked session along with private routes that the user was able to access through SSL VPN,” the researchers said.
Although a patch is available for more than a month now, there are still thousands of vulnerable final points out there.
Via Registered
