Critical Vulnerabilities Found in Palo Alto and SonicWall VPNs
Cybersecurity researchers have identified significant flaws in the VPN clients of Palo Alto Networks and SonicWall that could allow attackers to execute remote code on Windows and macOS systems. Both stem from the trust VPN clients place in servers, which lets an attacker manipulate client behavior and gain high-level access. A proof-of-concept tool named NachoVPN has been developed to simulate rogue VPN servers and exploit these vulnerabilities. Key issues include CVE-2024-5921, affecting Palo Alto’s GlobalProtect, and CVE-2024-29014, impacting SonicWall’s NetExtender, both of which have received patches. Users are urged to update their software to mitigate potential threats, although there is currently no evidence of these vulnerabilities being exploited in the wild.