San Jose, CA | February 17, 2025 – SonicWall firewalls are under attack after a PoC exploit leak, enabling hackers to bypass authentication and hijack VPNs. 4,500 devices remain vulnerable.
A critical vulnerability in SonicWall firewalls (CVE-2024-53704) is being actively exploited, following the public release of proof-of-concept (PoC) code by security firm Bishop Fox. This exploit allows attackers to bypass authentication and hijack active VPN sessions, putting thousands of networks at risk.
The vulnerability, rated 9.3 on the CVSS scale, affects SonicOS versions on Gen 6, Gen 7, and TZ80 firewalls. Hackers exploit the flaw by sending a malicious session cookie to the VPN endpoint, allowing them to bypass multi-factor authentication (MFA) and gain full access to internal networks.
Arctic Wolf, a leading security firm, warned:
This exploit is a ransomware gateway.
The PoC code, released on February 10, 2025, triggered immediate exploitation attempts, with Arctic Wolf detecting attacks from multiple virtual private servers (VPS) by February 12. These attempts are reminiscent of previous SonicWall exploits, which were weaponized by groups like Akira and Fog ransomware.
Bishop Fox reports that over 4,500 SonicWall SSL VPN servers remain unpatched and exposed. Meanwhile, SonicWall urges all users to immediately update to patched firmware versions (SonicOS 8.0.0-8037 or 7.1.3-7015). The SonicWall Security Advisory stated:
Delaying patches could lead to catastrophic breaches.
Cybersecurity agencies also recommend:
✅ Disable SSL VPN on public interfaces if updates cannot be applied immediately.
✅ Restrict VPN access to trusted IPs.
✅ Enforce MFA for all VPN users.
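As an added example (not from the article, SonicWall, or Bishop Fox), this Python script triages a firewall inventory against the two patched builds named above and flags unpatched devices that still expose SSL VPN on a public interface. The CSV columns, hostnames and sample firmware strings are constructed, and it assumes any build below the patched one on the same release branch needs the update; branches for which the article gives no fixed build are marked for manual review against the vendor advisory.

```python
import csv
import io
import re

# Patched builds named in the article, keyed by (major, minor) release branch.
PATCHED = {(8, 0): (8, 0, 0, 8037), (7, 1): (7, 1, 3, 7015)}

# Constructed sample inventory: hostnames, columns and firmware strings are made up.
SAMPLE_INVENTORY = """host,firmware,sslvpn_on_wan
fw-branch-01,7.1.2-7000,yes
fw-hq-01,7.1.3-7015,yes
fw-lab-01,8.0.0-8000,no
fw-old-01,6.5.0.0-1n,yes
"""

def parse_build(version):
    """Parse 'A.B.C-NNNN' into a comparable tuple; None if the format differs."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(firmware, sslvpn_on_wan):
    """Return an action label for one device."""
    build = parse_build(firmware)
    fixed = PATCHED.get(build[:2]) if build else None
    if fixed is None:
        # Article gives no fixed build for this branch (e.g. Gen 6): review by hand.
        return "check-advisory"
    if build >= fixed:
        return "patched"
    # Assumption: any lower build on the same branch needs the update.
    if sslvpn_on_wan:
        return "patch-now-or-disable-sslvpn"
    return "patch"

def triage_inventory(csv_text):
    """Map each host in a CSV inventory to its action label."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {
        r["host"]: triage(r["firmware"], r["sslvpn_on_wan"].strip().lower() == "yes")
        for r in rows
    }

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {action}")
```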