Despite SonicWall issuing a patch in January, the risk escalated when Bishop Fox published a proof-of-concept (PoC) earlier this month, followed by active exploitation attempts reported by security firms. The Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2024-53704 to its list of known exploited vulnerabilities, urging immediate action.
The flaw originates from improper handling of base64-encoded session cookies, where the getSslvpnSessionFromCookie function fails to properly verify session data. This affects SonicWall TZ, NSa, NSsp series firewalls, as well as NSv series virtual firewalls.
SonicWall has strongly advised customers to upgrade their firmware immediately to patch the vulnerability. For organizations unable to upgrade, disabling SSL VPN functionality is recommended as an alternative mitigation measure.
With active exploitation attempts already underway, organizations using affected SonicWall firewalls must act swiftly to prevent unauthorized access and potential network intrusions.
Source: Cybersecurity Dive
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.