The Register: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

Source URL: https://www.theregister.com/2025/02/14/sonicwall_firewalls_under_attack_patch/
Source: The Register

Feedly Summary: Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew
Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…

Summary: The text discusses a critical vulnerability in SonicWall firewalls (CVE-2024-53704) that allows authentication bypass, enabling remote attackers to hijack SSL VPN sessions. It emphasizes the urgent need for users to update their firmware to mitigate this security risk, highlighting ongoing exploitation attempts in the wild.

Detailed Description: The provided text details a significant security vulnerability affecting SonicWall firewalls, which can be exploited to bypass authentication mechanisms, posing a serious risk to users. Key points from the text include:

– **Vulnerability Details:**
  – The flaw is tracked as CVE-2024-53704 and pertains to the SSL VPN authentication mechanism in SonicOS.
  – Exploitation enables unauthorized access to networks through hijacked SSL VPN sessions.

– **Active Exploitation:**
  – Arctic Wolf reported observing exploitation attempts following the public disclosure of the proof-of-concept exploit code.
  – Researchers from Bishop Fox demonstrated that exploiting the vulnerability was “trivial” on unpatched devices.

– **Affected Devices:**
  – The vulnerability affects multiple Gen 7 and TZ80 SonicWall firewalls.
  – It is essential for users to upgrade to the latest SonicOS version to address the security hole.

– **Recommendations:**
  – SonicWall has issued a call for immediate upgrades to the latest firmware version.
  – If an upgrade cannot be performed, users are advised to disable the SSL VPN to mitigate risk.

– **Scope of the Issue:**
  – As of the report from February 7, approximately 4,500 internet-facing SonicWall SSL VPN servers remained unpatched.
  – Evidence of exploitation attempts has been traced back to February 12, 2025, with activity originating from a few VPS hosting providers.

This information is particularly critical for security professionals and organizations using SonicWall firewalls, as it underscores the importance of timely updates and the ongoing threat posed by unpatched vulnerabilities.