Key Points:
– Critical vulnerabilities discovered in Palo Alto GlobalProtect and SonicWall NetExtender VPN clients
– Allows malicious VPN servers to deploy unauthorized updates and execute harmful code
Security Impact:
– Attackers can:
* Steal login credentials
* Execute privileged code
* Install malicious software
* Perform man-in-the-middle attacks
* Install unauthorized root certificates
Vendor Responses:
1. SonicWall:
– Released patch for CVE-2024-29014
– Solution: Update to NetExtender Windows 10.2.341 or higher
2. Palo Alto Networks:
– Released patch for CVE-2024-5921
– Solutions:
* Update to GlobalProtect 6.2.6 or later
* Run VPN client in FIPS-CC mode
Research Development:
– AmberWolf released NachoVPN tool for testing
– Tool features:
* Platform-agnostic design
* Supports multiple VPN clients
* Community-extensible framework
* Compatible with Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect, and Ivanti Connect Secure
Organizations are strongly advised to apply the available patches and follow security advisories to protect against these vulnerabilities.