SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code. The vulnerability, tracked as CVE-2024-53704, is a flaw in the SSL VPN authentication mechanism in SonicOS, the operating system that …
It never fails to surprise me how many ssl-vpns are authenticated by the AD domain.
Seen it used in ASAs as well. All you have to do is exploit the AD and then you make as many vpn logins as you can sell.
Guys, put a bit of a gap between your layers of security, or at least till the lazy powers at be that can’t remember 2 passwords force you to change. They will be the ones that can’t understand how to do 2 factor.
The last one I fixed, they compromised an IOT device then a zero day against the AD to add an admin user. Filters prevented full access but with the vpn access, they then were free to do anything they wanted without tripping alarms.
Then they sold it to some script kiddie morons that destroyed the whole network down to bare metal. When they tried to collect a ransom, they were told to F off. No reason for the victims pay ransom as they would have to completely rebuild. The data that stole was useless as well as it was all public information.
Its the only way sonicwall users are going to get a proper independent third party code review done :)
the only way i would trust a closed source firewall, is if they gave monetary compensation for every exploited flaw and/or a truely independent code review
that aint happenin, especially if the company is listed on the stock market
the cost of fixing the techical debt which could have been allocated for yearly will scare investors
draytek anyone, caught putting on sticking plasters, bets sonicwall are doing the same
Actually SONICWALL ssl-vpn appliance is open source if you go by the GPL.
Years ago I sent in my $10 for a CD copy of the source. Never got it back.
They had quietly closed it as they made improvements and scrubbed any references of it.
I seriously doubt the code of 15 years back is anything like what they have now.
A nice way for sonicwall to get people to upgrade. As the pricks don't give access to any firmware updates unless you have a license. And if you remove a device and upgrade, you still can't get the updated firmware for the old device.
And the bullshit that is cyber essentials doesn't allow you to use any open source software or hardware. Although person who told me that I think is wrong.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
