SonicWall - Geek Feed

SonicWall firewall bug targeted in attacks after PoC exploit release

February 17, 2025February 17, 2025 geekfeed0Tagged Actively Exploited, Authentication Bypass, CVE-2024-53704, Firewall, SonicOS, SonicWall, SSL VPN

Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged by CISA as critical severity and found in the SSLVPN authentication mechanism, impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used by multiple models of Gen 6 and […]

2 mins read

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

February 13, 2025February 13, 2025 geekfeed0Tagged Authentication Bypass, CVE-2024-53704, CVE-2024-53705, exploit, Exploit code, poc, Proof of Concept, SonicWall, vulnerability

Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. The vendor warned about the high exploitation possibility of the flaw in a bulletin on January 7, urging administrators to upgrade their SonicOS firewalls’ firmware to address […]

3 mins read

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

January 24, 2025January 24, 2025 geekfeed0Tagged Actively Exploited, CVE-2025-23006, rce, Remote Command Execution, SonicWall, vulnerability

SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-23006 and rated critical (CVSS v3 score: 9.8), could allow remote unauthenticated attackers to execute arbitrary OS commands under specific […]

2 mins read

SonicWall urges admins to patch exploitable SSLVPN bug immediately

January 10, 2025January 10, 2025 geekfeed0Tagged Authentication Bypass, Firewall, firmware, Security Advisory, SonicOS, SonicWall, vulnerability

SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them […]

2 mins read

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

December 18, 2024December 18, 2024 geekfeed0Tagged Firewall, security, SonicWall, vulnerability

Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. These results come from an analysis conducted by cybersecurity firm Bishop Fox, which was motivated by a series of important vulnerabilities disclosed this year impacting SonicWall devices. Vulnerabilities affecting SonicWall […]

2 mins read