Security experts have discovered active exploitation of a severe vulnerability in SonicWall firewalls, putting organizations at risk. The flaw allows cybercriminals to gain unauthorized access to systems and tamper with VPN connections.
The vulnerability, tracked as CVE-2024-53704, affects multiple versions of SonicOS and received a near-maximum severity rating of 9.8 out of 10. The security flaw exists in the SSLVPN authentication system, enabling attackers to hijack user sessions.
According to cybersecurity firm Arctic Wolf, attackers can exploit this weakness to:
- Access VPN client settings
- Read Virtual Office bookmarks
- Create unauthorized VPN tunnels
- View private network routes
- Obtain user and domain information
While SonicWall released patches in early January 2025, thousands of systems remain unprotected. The situation became more pressing after security researchers published technical details about the vulnerability, inadvertently providing attackers with a blueprint for exploitation.
"Shortly after the proof-of-concept was made public, Arctic Wolf began observing exploitation attempts of this vulnerability in the threat landscape," stated the company's security advisory.
Organizations using affected SonicWall devices should immediately update to the latest secure versions:
- SonicOS 8.0.0-8037 or later
- SonicOS 7.0.1-5165 or later
- SonicOS 7.1.3-7015 or later
- SonicOS 6.5.5.1-6n or later
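To check a device inventory against the fixed builds listed above, the following is an added example, not code from SonicWall or Arctic Wolf. It assumes firmware strings take the `release-build` form shown in the list, that a device's branch is identified by the first two version components, and that the trailing letter does not affect ordering; the inventory is constructed.

```python
import re

# Fixed builds exactly as listed in the article.
FIXED_BUILDS = ["8.0.0-8037", "7.0.1-5165", "7.1.3-7015", "6.5.5.1-6n"]


def parse(version):
    """Split 'a.b.c[.d]-<build><suffix>' into (release tuple, build number)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)-(\d+)[A-Za-z]*", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    # Assumption: the trailing letter (e.g. 'n') does not affect ordering.
    return release, int(m.group(2))


# Assumption: a device belongs to the branch matching its first two components.
BRANCH_MINIMUM = {parse(v)[0][:2]: parse(v) for v in FIXED_BUILDS}


def check(version):
    """Return 'ok', 'update', or 'unknown' for one firmware string."""
    try:
        installed = parse(version)
    except ValueError:
        return "unknown"  # unparsed strings need manual review, not a pass
    minimum = BRANCH_MINIMUM.get(installed[0][:2])
    if minimum is None:
        return "unknown"  # branch not covered by the article's list
    return "ok" if installed >= minimum else "update"


def audit(inventory):
    """Map each device name to its patch status."""
    return {name: check(fw) for name, fw in inventory.items()}


# Constructed inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "7.1.1-7058",
    "fw-branch-02": "7.1.3-7015",
    "fw-hq-01": "7.0.1-5161",
    "fw-dc-01": "8.0.0-8035",
    "fw-legacy-01": "6.5.4.15-117n",
    "fw-lab-01": "not reported",
}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{name:14} {status}")
```

Devices reported as `unknown` should be reviewed by hand rather than treated as patched.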
This incident highlights the race between patch deployment and active exploitation, and the need to update systems swiftly once a vulnerability is disclosed.