Numerous SonicWall Firewalls Remain Exposed to Potential Hacking
Researchers at Bishop Fox have successfully exploited a new vulnerability, CVE-2024-53704, which impacts the SSL VPN component of unpatched SonicWall firewalls. The vulnerability allows an attacker to hijack active SSL VPN client sessions and take control of them.
The vulnerability was first reported to SonicWall by Daan Keuper, Thijs Alkemade, and Khaled Nassar of Computest Security on November 5, 2024. As of the publication of the vendor advisory for CVE-2024-53704, SonicWall reported no evidence of exploitation in the wild.
If the vulnerability is successfully exploited, however, an attacker can perform a series of actions. They can log out the session, terminating the user's connection. With control of an active SSL VPN session, they can also obtain a client configuration profile for NetExtender, open a VPN tunnel, access private networks available to the hijacked account, and read the user's Virtual Office bookmarks.
The vulnerability affects several SonicOS versions, including 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035. SonicWall released patches for CVE-2024-53704 on January 7, 2025. For TZ80 devices, the recommended patched firmware is SonicOS 8.0.0-8037 or higher; for Gen 7 firewalls, it is SonicOS 7.1.3-7015 or higher.
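The version lists above can be turned into a quick inventory triage. The following is an added example, not code from SonicWall or Bishop Fox; the hostnames, the inventory format and the "major.minor.patch-build" parsing are assumptions, and any build the article does not list is reported as "unlisted" for checking against the vendor advisory.

```python
import re

# Version facts come from the article; every other build is "unlisted".
AFFECTED_EXACT = {(7, 1, 2, 7019), (8, 0, 0, 8035)}
AFFECTED_71_MAX = (7, 1, 1, 7058)   # 7.1.x: this build and older
FIXED_GEN7_MIN = (7, 1, 3, 7015)    # Gen 7: this build and higher
FIXED_TZ80_MIN = (8, 0, 0, 8037)    # TZ80: this build and higher

# Assumption: firmware strings contain "major.minor.patch-build".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def classify(firmware):
    """Return 'affected', 'patched', 'unlisted' or 'unparsed'."""
    match = VERSION_RE.search(firmware)
    if not match:
        return "unparsed"
    version = tuple(int(part) for part in match.groups())
    if version in AFFECTED_EXACT:
        return "affected"
    if version[:2] == (7, 1):
        if version <= AFFECTED_71_MAX:
            return "affected"
        if version >= FIXED_GEN7_MIN:
            return "patched"
    if version[0] == 8 and version >= FIXED_TZ80_MIN:
        return "patched"
    return "unlisted"


def triage(inventory):
    """Map each status to the sorted hosts in it, skipping patched hosts."""
    report = {}
    for host, firmware in inventory.items():
        status = classify(firmware)
        if status != "patched":
            report.setdefault(status, []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory (hostnames and export format are hypothetical).
SAMPLE_INVENTORY = {
    "fw-hq-01": "SonicOS 7.1.1-7058",
    "fw-branch-02": "SonicOS 7.1.3-7015",
    "fw-branch-03": "SonicOS 8.0.0-8035",
    "fw-lab-04": "SonicOS 7.1.2-7020",
    "fw-dr-05": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unlisted" or "unparsed" are not confirmed safe; they only fall outside the builds this article names.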
As a precautionary measure, SonicWall advises those who are unable to apply the patches immediately to either disable SSL VPN or limit SSL VPN connections. Bishop Fox, in line with its responsible disclosure policy, plans to release exploit code details on February 10th, 2025, giving affected customers 90 days to implement the patch.
More than 5,000 affected SonicWall devices remain accessible on the internet, making them potential targets for exploitation of this vulnerability. The Australian Cyber Security Centre (ACSC) has developed a patch for the security vulnerability, and details about the exploit code publication are expected to be disclosed soon as the vulnerability is actively exploited.
Stay vigilant and ensure your SonicWall firewalls are up to date to protect against this and other potential threats.