
"SonicWall Firewall Vulnerability Exploited After PoC Publication"
According to security researchers at Arctic Wolf, threat actors started exploiting a recent SonicWall firewall vulnerability this week, shortly after proof-of-concept (PoC) code targeting it was published. The flaw, tracked as CVE-2024-53704, is a high-severity authentication bypass caused by an issue in the SSLVPN authentication mechanism of SonicOS. In January, SonicWall patched this bug and another authentication bypass bug (CVE-2024-40762) in SonicOS versions 7.1.3-7015 and 8.0.0-8037, saying that it had no evidence of either of them being exploited in attacks. The researchers spotted activity targeting CVE-2024-53704 this week, shortly after Bishop Fox published technical details and a PoC exploit for it. They noted that the public PoC enables unauthenticated attackers to bypass multi-factor authentication (MFA) protections, access private information, and interrupt VPN sessions. They also said that, historically, threat actors have leveraged authentication bypass vulnerabilities on firewall and VPN gateways to deploy ransomware. According to Bishop Fox, approximately 4,500 internet-facing SonicWall SSL VPN servers had not been patched against CVE-2024-53704 as of February 7. Organizations should update their appliances as soon as possible.
SecurityWeek reports: "SonicWall Firewall Vulnerability Exploited After PoC Publication"