2025-1-22 16:0:0 Author: bishopfox.com(查看原文) 阅读量:5 收藏
Bishop Fox researchers have successfully exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls. According to SonicWall, SonicOS versions 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035 are affected. The researchers confirmed that the attack can be performed remotely, without authentication, and enables hijacking of active SSL VPN client sessions.
An attacker with control of an active SSL VPN session can read the user’s Virtual Office bookmarks, obtain a client configuration profile for NetExtender, open a VPN tunnel, access private networks available to the hijacked account, and log out the session (terminating the user’s connection as well).
The vendor advisory for CVE-2024-53704 was only published two weeks ago, and SonicWall reported no evidence of exploitation in the wild. Our current research indicates more than 5,000 affected SonicWall devices remain accessible on the internet. Although significant reverse-engineering effort was required to find and exploit the vulnerability, the exploit itself is rather trivial. As a result, we will delay publication of exploit details for at least 90 days to allow time for patching.
As always, customers of Bishop Fox Cosmos were notified shortly after the vulnerability was announced.
As SonicWall emphasizes in their release, we recommend upgrading your SonicWall firewalls quickly to avoid exploitation.
For more vulnerability intelligence insights, visit Bishop Fox Labs.
如有侵权请联系:admin#unsafe.sh