SonicWall Vulnerability Allows SSL VPN Session Hijacking
🔓 A critical vulnerability discovered in SonicWall firewalls allows SSL VPN session hijacking. Researchers from Bishop Fox have exploited CVE-2024-53704, an authentication bypass affecting unpatched SonicWall firewalls, specifically versions 7.1.x and 8.0.0. The vulnerability enables remote attackers to hijack active SSL VPN client sessions without authentication, granting access to sensitive information and private networks. Although SonicWall has released patches, over 5,000 devices remain exposed online. The exploit was reported to SonicWall on November 5, 2024, with public disclosure of the exploit code planned for February 10, 2025, following a 90-day responsible disclosure policy. SonicWall urges users to upgrade their firewalls promptly to mitigate the risks associated with this vulnerability.
