SonicWall firewalls hit by worrying cyberattack

A VPN runs on a mobile phone placed on a laptop keyboard
(Image credit: Getty Images)

  • Security researchers are warning of a SonicWall flaw being actively exploited
  • The bug was discovered in early January 2025, and subsequently fixed
  • However not all users have applied the patch yet

Cybercriminals are actively abusing a vulnerability in SonicWall firewalls to gain access to target endpoints, tamper with the VPN, and more, cybersecurity researchers Arctic Wolf have revealed.

The vulnerability in question is an Improper Authentication bug in the SSLVPN authentication mechanism. It was discovered in early January 2025 and was given a severity score of 9.8/10 - critical. It is tracked as CVE-2024-53704 and impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035. SonicWall released versions SonicOS 8.0.0-8037 and later, 7.0.1-5165 and higher, 7.1.3-7015 and higher, and 6.5.5.1-6n and higher, to address the bug.

Soon after SonicWall released a fix, security outlet Bishop Fox came forward with a Proof-of-Concept (PoC) exploit to warn the security community, and SonicWall users, about potential attack avenues. Consequently, it also gave cybercriminals ideas on how to exploit the flaw and expectedly, it has happened.

Exploitation attempts

"Shortly after the proof-of-concept was made public, Arctic Wolf began observing exploitation attempts of this vulnerability in the threat landscape," the company said in its security advisory.

The researchers explained that in the exploit, the target endpoint incorrectly validates a malicious session attempt. As a result, the target is logged out, while the attacker gets access to the session, including the ability to read the victim’s Virtual Office bookmarks, access VPN client configuration settings, open a VPN tunnel, and more.

"With that, we were able to identify the username and domain of the hijacked session, along with private routes the user was able to access through the SSL VPN," the researchers said.

Even though a patch is available for more than a month now, there are still thousands of vulnerable endpoints out there.

Via The Register

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.
Thousands of SonicWall VPN devices are facing worrying security threats
The best free firewall
Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough