Security researchers are warning of a SonicWall flaw being actively exploited
The bug was discovered in early January 2025, and subsequently fixed
However not all users have applied the patch yet
Cybercriminals are actively abusing a vulnerability in SonicWall firewalls to gain access to target endpoints, tamper with the VPN, and more, cybersecurity researchers Arctic Wolf have revealed.
The vulnerability in question is an Improper Authentication bug in the SSLVPN authentication mechanism. It was discovered in early January 2025 and was given a severity score of 9.8/10 – critical. It is tracked as CVE-2024-53704 and impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035. SonicWall released versions SonicOS 8.0.0-8037 and later, 7.0.1-5165 and higher, 7.1.3-7015 and higher, and 6.5.5.1-6n and higher, to address the bug.
Leave a comment