Security researchers at Bishop Fox have published full exploitation details for CVE-2024-53704, a critical vulnerability in SonicOS SSLVPN that allows attackers to bypass authentication and hijack active VPN sessions.
Vulnerability Overview
CVE-2024-53704 impacts SonicOS SSL VPN and allows remote attackers to:
- Hijack active VPN sessions without authentication.
- Gain unauthorized network access.
- Read Virtual Office bookmarks and obtain VPN client configurations.
- Open a VPN tunnel to access internal resources.
SonicWall warned about this flaw on January 7, 2025, urging administrators to update their SonicOS firewalls immediately.
Bishop Fox Exploit Details
- A reverse-engineering effort led to the discovery of how the flaw is exploited.
Figure: Reverse-engineering the patch to find the flaw (source: Bishop Fox)