Critical VPN Flaw Lets Hackers Hijack Updates Through Fake Servers

Critical VPN Flaw Lets Hackers Hijack Updates Through Fake Servers

“NachoVPN” Vulnerabilities in Major VPN Clients

Key Points:
– Critical vulnerabilities discovered in Palo Alto GlobalProtect and SonicWall NetExtender VPN clients
– Allows malicious VPN servers to deploy unauthorized updates and execute harmful code

Security Impact:
– Attackers can:
* Steal login credentials
* Execute privileged code
* Install malicious software
* Perform man-in-the-middle attacks
* Install unauthorized root certificates

Vendor Responses:
1. SonicWall:
– Released patch for CVE-2024-29014
– Solution: Update to NetExtender Windows 10.2.341 or higher

2. Palo Alto Networks:
– Released patch for CVE-2024-5921
– Solutions:
* Update to GlobalProtect 6.2.6 or later
* Run VPN client in FIPS-CC mode

Research Development:
– AmberWolf released NachoVPN tool for testing
– Tool features:
* Platform-agnostic design
* Supports multiple VPN clients
* Community-extensible framework
* Compatible with Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect, and Ivanti Connect Secure

Organizations are strongly advised to apply the available patches and follow security advisories to protect against these vulnerabilities.

Share This Article