Critical SonicWall VPN Flaw Lets Hackers Hijack Sessions

Feb 12, 2025 | News


Security researchers at Bishop Fox have published full exploitation details for CVE-2024-53704, a critical vulnerability in SonicOS SSLVPN that allows attackers to bypass authentication and hijack active VPN sessions.

Vulnerability Overview

  • CVE-2024-53704 impacts SonicOS SSL VPN and allows remote attackers to:

    • Hijack active VPN sessions without authentication.
    • Gain unauthorized network access.
    • Read Virtual Office bookmarks and obtain VPN client configurations.
    • Open a VPN tunnel to access internal resources.
  • SonicWall warned about this flaw on January 7, 2025, urging administrators to update their SonicOS firewalls immediately.

Bishop Fox Exploit Details

  • Bishop Fox reverse-engineered the SonicOS patch to work out how the flaw is exploited.

Figure: Reverse-engineering the patch to find the flaw (Source: Bishop Fox)

  • The attack works by sending a specially crafted session cookie to the authentication endpoint “/cgi-bin/sslvpnclient.”
  • This tricks the VPN into associating the attacker’s request with an active session, logging out the victim and granting the attacker access.

    Figure: Overview of the attack path (Source: Bishop Fox)

  • A proof-of-concept (PoC) exploit has been successfully tested.


Impacted SonicOS Versions

  • 7.1.x (up to 7.1.1-7058)
  • 7.1.2-7019
  • 8.0.0-8035
  • Affects Gen 6 and Gen 7 SonicWall firewalls, including SOHO series devices.

Patch Availability

  • Fixed in SonicOS 8.0.0-8037 and later, 7.0.1-5165 and higher, 7.1.3-7015 and higher, 6.5.5.1-6n and higher.
  • SonicWall’s bulletin provides model-specific patch details.
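A quick way to triage a firewall inventory against the version ranges above is to compare each device's SonicOS version string with the minimum fixed build for its branch. The following is an added example written for this summary; it is not code from SonicWall, Bishop Fox or the source article, and it assumes that a higher build number within a branch is always newer and that the branch keys below cover every affected release family.

```python
import re

# Minimum fixed build per SonicOS branch, taken from the "Patch Availability"
# list above. Devices on a branch not listed here cannot be assessed.
FIXED_MIN = {
    "6.5.5.1": "6.5.5.1-6n",   # Gen 6 firewalls
    "7.0.1": "7.0.1-5165",
    "7.1": "7.1.3-7015",       # covers 7.1.1-7058 and 7.1.2-7019
    "8.0.0": "8.0.0-8037",
}

# "7.1.1-7058" or "6.5.5.1-6n": dotted release, build number, optional letter
_VER_RE = re.compile(r"^(\d+(?:\.\d+)+)-(\d+)([a-z]?)$")


def parse_version(s: str):
    """Split a SonicOS version string into a tuple that sorts correctly:
    (release components, build number, build suffix letter)."""
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {s!r}")
    dotted, build, suffix = m.groups()
    return tuple(int(p) for p in dotted.split(".")), int(build), suffix


def branch_of(s: str):
    """Return the FIXED_MIN key whose components prefix this version, or None."""
    release, _, _ = parse_version(s)
    for key in FIXED_MIN:
        prefix = tuple(int(p) for p in key.split("."))
        if release[: len(prefix)] == prefix:
            return key
    return None


def is_patched(s: str):
    """True if at or above the fixed build for its branch, False if below it,
    None if the branch is not covered by the advisory versions above."""
    key = branch_of(s)
    if key is None:
        return None
    return parse_version(s) >= parse_version(FIXED_MIN[key])


def triage(inventory: dict) -> dict:
    """Map each device name to 'patched', 'VULNERABLE' or 'unknown branch'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown branch"}
    return {name: labels[is_patched(ver)] for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {"fw-hq": "7.1.1-7058", "fw-branch": "8.0.0-8037", "fw-lab": "5.9.0-1"}
    for name, status in triage(sample).items():
        print(f"{name}: {status}")
```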

Current Risk Level

  • As of February 7, around 4,500 internet-exposed SonicWall SSL VPN servers remain unpatched.
  • With the exploit details now public, attackers are expected to actively target vulnerable devices.



Action Required

  • Apply firmware updates immediately to protect against attacks.
  • Disable SSL VPN if not in use.
  • Monitor VPN logs for unauthorized session activity.
  • Implement multi-factor authentication (MFA) to add an extra security layer.

With an active proof-of-concept exploit now available, the risk of exploitation is high. Organizations using SonicWall SSL VPN should patch immediately to prevent unauthorized access.


Source: bleepingcomputer.com
