Hackers Exploit Critical SonicWall Firewall Flaw After Exploit Code Goes Public

Critical SonicWall Firewall Vulnerability Under Active Exploitation

A critical authentication bypass vulnerability (CVE-2024-53704) in SonicWall firewalls is currently being targeted by attackers following the release of proof-of-concept (PoC) exploit code. The vulnerability affects the SSLVPN authentication mechanism in SonicOS versions 7.1.x, 7.1.2-7019, and 8.0.0-8035, impacting various Gen 6, Gen 7, and SOHO series firewall models.

The security flaw enables remote attackers to hijack active SSL VPN sessions without authentication, potentially granting unauthorized network access. SonicWall released security updates on January 7 and advised immediate firmware upgrades to address the vulnerability.

Key Points:
– Approximately 4,500 unpatched SonicWall SSL VPN servers remain exposed online
– Arctic Wolf detected exploitation attempts shortly after the PoC release
– The exploit allows attackers to bypass MFA, access private information, and disrupt VPN sessions
– Bishop Fox researchers published the PoC exploit on February 10

Recommended Mitigations:
1. Upgrade to the latest SonicOS firmware immediately
2. Limit access to trusted sources
3. Disable SSLVPN if updates cannot be applied
4. Restrict Internet access if not essential

Previous incidents involving Akira and Fog ransomware groups targeting SonicWall firewalls highlight the urgency of addressing this vulnerability, with Arctic Wolf reporting at least 30 intrusions through SonicWall VPN accounts in recent months.
