SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code. The vulnerability, tracked as CVE-2024-53704, is a flaw in the SSL VPN authentication mechanism in SonicOS, the operating system that …

  1. Dimmer Silver badge

    The easy way out

    It never fails to surprise me how many ssl-vpns are authenticated by the AD domain.

    Seen it used in ASAs as well. All you have to do is exploit the AD and then you make as many vpn logins as you can sell.

    Guys, put a bit of a gap between your layers of security, or at least till the lazy powers that be that can’t remember 2 passwords force you to change. They will be the ones that can’t understand how to do 2 factor.

    1. Nate Amsden

      Re: The easy way out

      If someone has that level of access to AD, vpn logins are pretty low on the concern list at that point to me.

      1. Dimmer Silver badge

        Re: The easy way out

        The last one I fixed, they compromised an IOT device then a zero day against the AD to add an admin user. Filters prevented full access but with the vpn access, they then were free to do anything they wanted without tripping alarms.

        Then they sold it to some script kiddie morons that destroyed the whole network down to bare metal. When they tried to collect a ransom, they were told to F off. No reason for the victims to pay ransom as they would have to completely rebuild. The data they stole was useless as well as it was all public information.

  2. harrys Bronze badge

    someone please please leak the code....

    It's the only way sonicwall users are going to get a proper independent third party code review done :)

    the only way i would trust a closed source firewall, is if they gave monetary compensation for every exploited flaw and/or a truly independent code review

    that aint happenin, especially if the company is listed on the stock market

    the cost of fixing the technical debt which could have been allocated for yearly will scare investors

    draytek anyone, caught putting on sticking plasters, bets sonicwall are doing the same

    1. Dimmer Silver badge

      Re: someone please please leak the code....

      Actually SONICWALL ssl-vpn appliance is open source if you go by the GPL.

      Years ago I sent in my $10 for a CD copy of the source. Never got it back.

      They had quietly closed it as they made improvements and scrubbed any references of it.

      I seriously doubt the code of 15 years back is anything like what they have now.

  3. Anonymous Coward

    SonicWall SOHO was the first standalone Firewall device I bought over 20 years ago

    It was good at that time, but in the end I replaced it with a NetGate box running Open Source software that provided enhanced functionality & throughput without having to pay continuing subscription fees.

  4. steviebuk Silver badge

    Also

    A nice way for sonicwall to get people to upgrade. As the pricks don't give access to any firmware updates unless you have a license. And if you remove a device and upgrade, you still can't get the updated firmware for the old device.

    And the bullshit that is cyber essentials doesn't allow you to use any open source software or hardware. Although the person who told me that I think is wrong.

    1. Vince

      Re: Also

      "And the bullshit that is cyber essentials doesn't allow you to use any open source software or hardware. Although the person who told me that I think is wrong."

      They're incorrect. Cyber Essentials (whilst legitimately bullshit) does not prevent use of anything Open Source.

  5. razorfishsl

    it's that openssl stack...

    I already warned them that their STUPID marketing campaign on the firewall login page is causing problems with amplification attacks.

    who the F*** put an https marketing campaign on the login for a firewall?
