Recent reports indicate that SonicWall firewalls are under active attack due to a critical vulnerability. The flaw, identified as CVE-2024-53704, allows attackers to bypass authentication mechanisms in SonicWall’s SSL VPN service. This vulnerability is particularly concerning as it affects multiple models of Gen 7 and TZ80 SonicWall firewalls.
Following the public release of proof-of-concept exploit code, security researchers noted an increase in exploitation attempts. The vulnerability enables remote attackers to hijack active SSL VPN sessions, granting them unauthorized access to affected networks.
SonicWall first disclosed the vulnerability in early January, urging users to upgrade to the latest version of SonicOS to mitigate risks. Despite this warning, as of early February, approximately 4,500 internet-facing SonicWall SSL VPN servers remain unpatched.
For those unable to upgrade immediately, SonicWall recommends disabling the SSL VPN feature until a patch can be applied. The potential consequences of exploitation include unauthorized access to sensitive information and the ability to terminate legitimate user sessions.
Security experts emphasize the urgency of addressing this vulnerability, as attackers have a history of targeting unpatched SonicWall devices. Users are strongly advised to follow SonicWall’s guidance and update their firewalls without delay.
For further details, refer to the original article on The Register.