High-Severity SonicWall Bug Poses VPN Hijacking Threat

Bishop Fox researchers found nearly 4,500 internet-exposed SonicWall firewalls were at risk of having their VPN sessions taken over in attacks exploiting a high-severity authentication bypass flaw within the SonicOS SSLVPN application, tracked as CVE-2024-53704, according to BleepingComputer.

The flaw has since been fixed.

Potential intrusions start with the delivery of a specially crafted session cookie containing a base64-encoded string of null bytes to the '/cgi-bin/sslvpnclient' SSL VPN authentication endpoint. The endpoint then validates the session improperly, which logs the firewall user out and lets the attacker hijack the session, a report from Bishop Fox revealed.

"With that, we were able to identify the username and domain of the hijacked session, along with private routes the user was able to access through the SSL VPN," said researchers.

Organizations with firewalls running SonicOS versions 7.1.x, 7.1.2-7019, and 8.0.0-8035 have been urged to immediately apply the patches SonicWall issued last month.
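
One way to hunt for the request pattern described above in HTTP logs, added here as an example and not taken from Bishop Fox, SonicWall or BleepingComputer: it flags requests to '/cgi-bin/sslvpnclient' that carry any cookie whose value base64-decodes to nothing but null bytes. The log line format, the cookie name `sid` and the IP addresses are constructed assumptions; it presumes a proxy or sensor in front of the firewall that records the Cookie header.

```python
import base64
import binascii
import re
from urllib.parse import unquote

ENDPOINT = "/cgi-bin/sslvpnclient"  # path named in the article

# Assumed (constructed) log format: <src_ip> "<METHOD> <path>" cookie="<Cookie header>"
LINE_RE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>[^"\s]+)" cookie="(?P<cookie>[^"]*)"$'
)

def decodes_to_null_bytes(value):
    """True if value is valid base64 whose decoded bytes are non-empty and all 0x00."""
    value = value.strip()
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped '=' padding
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 0 and not any(raw)

def suspicious_requests(lines):
    """Return (source_ip, cookie_name) for each null-byte cookie sent to ENDPOINT."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != ENDPOINT:
            continue
        for pair in m["cookie"].split(";"):
            name, _, value = pair.strip().partition("=")
            # Cookie values may arrive percent-encoded (%3D for '=')
            if value and decodes_to_null_bytes(unquote(value)):
                hits.append((m["src"], name))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical cookie names)
SAMPLE_LOG = [
    '198.51.100.7 "GET /cgi-bin/sslvpnclient" cookie="sid=AAAAAAAA"',
    '192.0.2.10 "GET /cgi-bin/sslvpnclient" cookie="sid=dGVzdC1zZXNzaW9u; lang=en"',
    '203.0.113.5 "GET /index.html" cookie="sid=AAAAAAAA"',
    '198.51.100.9 "POST /cgi-bin/sslvpnclient" cookie="lang=en; sid=AAA%3D"',
]

if __name__ == "__main__":
    for src, name in suspicious_requests(SAMPLE_LOG):
        print(f"null-byte cookie '{name}' sent to {ENDPOINT} from {src}")
```

A hit is a lead for investigation rather than proof of compromise; correlate it with unexpected SSL VPN user logouts on the firewall, which the report names as a side effect.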
