Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113872929744601721">screaminggoat (screaminggoat@infosec.exchange)'s status on Wednesday, 12-Feb-2025 08:43:55 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20250102170004.webp" width="48" height="48" alt="screaminggoat" style="position: absolute; left: 0; top: 0;">screaminggoat</a><div><a href="https://infosec.exchange/@screaminggoat/113788992074892039" rel="in-reply-to">in reply to</a></div></section><article><p>BishopFox: <a href="https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking" rel="nofollow">SonicWall CVE-2024-53704: SSL VPN Session Hijacking</a><br>See parent toots for the security advisory. BishopFox intends to publish vulnerability <a href="https://cve.org/CVERecord?id=CVE-2024-53704" rel="nofollow">CVE-2024-53704</a> (9.8 critical) SonicOS SSLVPN Authentication Bypass Vulnerability in the next 90 days. </p><p>Our current research indicates more than 5,000 affected SonicWall devices remain accessible on the internet. Although significant reverse-engineering effort was required to find and exploit the vulnerability, the exploit itself is rather trivial.</p><p>UPDATED 10 February 2025: Bishopfox included full exploitation details in their blog post.</p><p><a href="https://infosec.exchange/tags/sonicwall" rel="tag">#sonicwall</a> <a href="https://infosec.exchange/tags/CVE_2024_53704" rel="tag">#CVE_2024_53704</a> <a href="https://infosec.exchange/tags/sonicos" rel="tag">#sonicos</a> <a href="https://infosec.exchange/tags/sslvpn" rel="tag">#sslvpn</a> <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/CVE" rel="tag">#CVE</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4549644#notice-8907295">In conversation</a><time datetime="2025-02-12T08:43:55+09:00" title="Wednesday, 12-Feb-2025 08:43:55 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113872929744601721" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113872929744601721">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
screaminggoat (screaminggoat@infosec.exchange)'s status on Wednesday, 12-Feb-2025 08:43:55 JST screaminggoat
in reply to
BishopFox: SonicWall CVE-2024-53704: SSL VPN Session Hijacking
See parent toots for the security advisory. BishopFox intends to publish vulnerability CVE-2024-53704 (9.8 critical) SonicOS SSLVPN Authentication Bypass Vulnerability in the next 90 days.
Our current research indicates more than 5,000 affected SonicWall devices remain accessible on the internet. Although significant reverse-engineering effort was required to find and exploit the vulnerability, the exploit itself is rather trivial.
UPDATED 10 February 2025: Bishopfox included full exploitation details in their blog post.
#sonicwall #CVE_2024_53704 #sonicos #sslvpn #vulnerability #CVE #infosec #cybersecurity
In conversationabout 3 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice