SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now

A VPN runs on a mobile phone placed on a laptop keyboard
(Image credit: Getty Images)

  • Bishop Fox found a way to abuse a SonicWall VPN flaw
  • It allows threat actors to bypass authentication and hijack sessions
  • There are thousands of vulnerable endpoints

A major vulnerability in the SonicWall VPN which can be exploited to hijack sessions and access the target network has now seen its first proof-of-concept (PoC) attack, meaning it’s only a matter of time before cybercriminals start exploiting it in the wild.

In early January 2025, SonicWall raised the alarm on a vulnerability in SonicOS and urged its users to apply the fix immediately. The flaw is tracked as CVE-2024-53704, and described as an Improper Authentication bug in the SSLVPN authentication mechanism. It was given a severity score of 9.8/10 (critical) and was said it could be abused to allow a remote attacker to bypass authentication.

It impacted SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035. SonicWall released versions SonicOS 8.0.0-8037 and later, 7.0.1-5165 and higher, 7.1.3-7015 and higher, and 6.5.5.1-6n and higher, to address the bug. At the time, there were more than 4,500 internet-exposed endpoints.

Protect yourself from identity theft online

Protect yourself from identity theft online

Go Incogni and get 55% off using code TECHRADAR. Incogni erases you and your family from the sites that expose your personal information to identity thieves and robocalls.

Preferred partner (What does this mean?

Proof of Concept

Now, since SonicWall users were given enough time to patch, security researchers from Bishop Fox came forward with more details about the vulnerability, as well as a PoC. After a “significant” reverse-engineering effort, Bishop Fox said the vulnerability could be exploited by sending a custom-built session cookie containing a base64-encoded string of null bytes to the SSLVPN authentication endpoint.

This results in the endpoint assuming the request was associated with an active VPN session and incorrectly validates it. As a result, the target is logged out, while the attacker gets access to the session, including the ability to read the victim’s Virtual Office bookmarks, access VPN client configuration settings, open a VPN tunnel, and more.

"With that, we were able to identify the username and domain of the hijacked session, along with private routes the user was able to access through the SSL VPN," the researchers said.

Via BleepingComputer

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.
Thousands of SonicWall VPN devices are facing worrying security threats
The best free firewall
Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Passwordless authentication continues to grow, with biometrics helping push adoption
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
The Google Gemini logo against a black background.
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's upcoming Flash 2.0 built-in image upgrade
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all