CyberSecurityBoard
Sponsor Register Login

SonicWALL Connect Tunnel Vulnerability Allows Attackers to Create a DoS Condition

The flaw allows attackers to create a denial-of-service (DoS) condition on affected systems by exploiting the vulnerability to overwrite files unauthorizedly, potentially leading to file corruption. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. As cybersecurity threats continue to evolve, it is crucial for organizations and individuals to prioritize software updates and security patches to protect against emerging vulnerabilities. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H, reflecting local attack vector requirements, low attack complexity, and low privileges needed for exploitation. Once this access is obtained, the attacker can create symbolic links that the SonicWall VPN service will mistakenly interpret as legitimate files. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 13:45:07 +0000


Cyber News related to SonicWALL Connect Tunnel Vulnerability Allows Attackers to Create a DoS Condition

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
1 year ago Darkreading.com CVE-2022-22274 CVE-2023-0656
CVE-2024-49940 - In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. When the session refcount drops to 0, l2tp_session_free drops the ...
6 months ago Tenable.com
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
1 year ago Securityboulevard.com
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
1 year ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656
SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider - PRESS RELEASE. MILPITAS, Calif. - January 3, 2024 - SonicWall, a global cybersecurity leader, today announced the acquisition of Banyan Security, a leading provider of security service edge solutions for the modern workforce. This acquisition ...
1 year ago Darkreading.com
180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE - The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports. The issues, tracked as CVE-2022-22274 and ...
1 year ago Securityweek.com CVE-2022-22274 CVE-2023-0656
178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
1 year ago Go.theregister.com CVE-2022-22274 CVE-2023-0656
SonicWall OS Command Injection Vulnerability Exploited in the Wild - “During further analysis, SonicWall and trusted security partners identified that ‘CVE-2023-44221 – Post Authentication OS Command Injection’ vulnerability is potentially being exploited in the wild,” SonicWall stated in ...
1 week ago Cybersecuritynews.com CVE-2023-44221
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
2 months ago Cybersecuritynews.com CVE-2024-53704 Akira
SonicWall Alerts that Web Content Filtering is Not Working Properly on Windows 11 22H2 - Today, security hardware manufacturer SonicWall alerted customers of a limitation of the web content filtering feature on Windows 11, version 22H2 systems. SonicWall's Capture Client is a security solution for Windows and macOS that has Endpoint ...
2 years ago Bleepingcomputer.com
SonicWall SMA VPN devices targeted in attacks since January - A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. Days after SonicWall tagged the security ...
3 weeks ago Bleepingcomputer.com CVE-2021-20035
Webex Connect and a New Digital Experience - While creating such engaging experiences is necessary for businesses of all sizes, smaller teams in particular need to find a way to get their customers' questions answered without relying on as much manpower. The Cisco Store is one such program, and ...
1 year ago Feedpress.me
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access - Security experts emphasize that despite the significant reverse-engineering effort required to uncover the vulnerability, the exploit itself is trivial to execute, making immediate patching critical for all affected organizations. Attackers are ...
1 month ago Cybersecuritynews.com CVE-2024-53704
SonicWall firewall bug targeted in attacks after PoC exploit release - On Thursday, cybersecurity company Arctic Wolf said they started detecting exploitation attempts targeting this vulnerability in attacks "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's ...
2 months ago Bleepingcomputer.com CVE-2024-53704
SonicWall firewall bug leveraged in attacks after PoC exploit release - On Thursday, cybersecurity company Arctic Wolf said they started detecting exploitation attempts targeting this vulnerability in attacks "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's ...
2 months ago Bleepingcomputer.com CVE-2024-53704
Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OfBiz, an open source ERP system with what researchers described as a surprisingly wide ...
1 year ago Go.theregister.com CVE-2023-51467 CVE-2023-49070
Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFBiz, an open source ERP system with what researchers described as a surprisingly wide ...
1 year ago Packetstormsecurity.com CVE-2023-51467 CVE-2023-49070
SonicWall acquires Banyan Security - SonicWall acquired Banyan Security, a security service edge solution provider. This acquisition strengthens SonicWall's portfolio by adding zero trust security trusted by leading Fortune 100 companies to small businesses that are replacing legacy ...
1 year ago Helpnetsecurity.com
Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks - A significant security concern has been raised for organizations using SonicWall next-generation firewalls. Tell me more about the SonicWall firewall vulnerability. Security experts have identified that over 178,000 SonicWall firewalls with their ...
1 year ago Securityboulevard.com CVE-2022-22274 CVE-2023-0656
SonicWALL Connect Tunnel Vulnerability Allows Attackers to Create a DoS Condition - The flaw allows attackers to create a denial-of-service (DoS) condition on affected systems by exploiting the vulnerability to overwrite files unauthorizedly, potentially leading to file corruption. Cyber Security News is a Dedicated News Platform ...
1 week ago Cybersecuritynews.com
Python-Based Malware Slithers Into Systems via Legit VS Code - "The [threat actor (TA)] leverages a [VS Code] tool to initiate a remote tunnel and retrieve an activation code, which the TA can use to gain unauthorized remote access to the victim’s machine," according to the blog post about the ...
7 months ago Darkreading.com Mustang Panda
CVE-2023-25194 - A possible security vulnerability has been identified in Apache Kafka Connect API. ...
1 year ago
Something exciting is brewing for NRF24 - NRF'24 is also where we'll be demonstrating Webex Connect's mobile ordering coffee bar experience at Café Cisco, which showcases the richer customer communications delivered by the simplicity and intuitiveness of Webex Connect, part of Webex CPaaS ...
1 year ago Feedpress.me
SonicWall SMA100 OS Command Injection Vulnerability Exploited in Wild - CISA has added the SonicWall SMA100 OS Command Injection Vulnerability, tracked as CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. While specific exploitation details remain limited, security firm watchTowr reported on May 1 ...
1 week ago Cybersecuritynews.com CVE-2023-44221
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks - In January, SonicWall urged admins to patch a critical flaw in SMA1000 secure access gateways that was being exploited in zero-day attacks, and one month later warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls ...
1 week ago Bleepingcomputer.com CVE-2021-20035

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)