Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.

This security flaw (CVE-2024-53704), tagged by CISA as critical severity and found in the SSLVPN authentication mechanism, impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used by multiple models of Gen 6 and Gen 7 firewalls and SOHO series devices. Successful exploitation enables remote attackers to hijack active SSL VPN sessions without authentication, which grants them unauthorized access to targets' networks.

SonicWall urged customers to immediately upgrade their firewalls' SonicOS firmware to prevent exploitation in an email sent before disclosing the vulnerability publicly and releasing security updates on January 7. The company also shared mitigation measures for admins who couldn't immediately secure their devices, including limiting access to trusted sources and restricting access from the Internet entirely if not needed.

"Proof-of-Concepts (PoCs) for the SonicOS SSLVPN Authentication Bypass Vulnerability (CVE-2024-53704) are now publicly available," SonicWall warned after the exploit code was released.

On Thursday, cybersecurity company Arctic Wolf said it started detecting exploitation attempts targeting this vulnerability "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's increased exploitation potential. "The released PoC exploit allows an unauthenticated threat actor to bypass MFA, disclose private information, and interrupt running VPN sessions," Arctic Wolf stated. Arctic Wolf warned in October that at least 30 intrusions started with remote network access through SonicWall VPN accounts.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 14 Feb 2025 18:15:20 +0000