Home / Companies / SSOJet / Blog / Post Details
Content Deep Dive

SonicWall CVE-2024-53704: Exploited SSL VPN Session Hijacking Vulnerability (Authentication Bypass)

Blog post from SSOJet

Post Details
Company
Date Published
Author
Rajveer Singh
Word Count
599
Company Posts That Month
41
Language
English
Hacker News Points
-
Summary

Bishop Fox released technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a critical authentication bypass vulnerability in SonicWall firewall's SonicOS, which allows attackers to hijack VPN sessions without authentication, bypass multi-factor authentication, and access private networks. Despite SonicWall's advisory and call for immediate patching, over 4,500 devices remained unpatched, making them susceptible to potential ransomware attacks from groups like Akira and Fog. The vulnerability, rated 9.3 on the CVSS scale, involves manipulating session cookies at the /cgi-bin/sslvpnclient endpoint and has led to increased exploitation attempts shortly after the PoC release. Arctic Wolf recommends upgrading to fixed versions of SonicOS, employing workarounds like restricting VPN access to trusted IPs, and disabling SSLVPN access from public networks to mitigate risks. Implementing secure Single Sign-On and user management can further safeguard against such vulnerabilities, with platforms like SSOJet offering comprehensive security solutions.

Trends Found in this Post

No tracked trend matches for this post yet.