Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

SonicWall SSLVPN Authentication Bypass Vulnerability

Vulnerability

An improper authentication vulnerability has been identified in the SSLVPN authentication mechanism of SonicWall products. It allows remote attackers to bypass authentication requirements and gain unauthorized access. The vulnerability is present in several SonicWall firewall products, specifically in certain versions of SonicOS.

Impact

Exploitation of this vulnerability bypasses authentication, giving unauthorized users access to resources or functionality that require authenticated user privileges.

Reproduction

The vulnerability can be reproduced by sending a request that exploits the SSLVPN authentication mechanism: reusing an SSLVPN session bypasses the authentication process. The event log will show a message indicating that an SSLVPN session has been reused; this message serves as an indicator of compromise.

Remediation

Users are advised to update their SonicWall firewalls to the latest patched versions. The latest patch builds are available for download on mysonicwall.com. If an immediate update is not possible, SSLVPN access should be disabled or restricted to trusted sources.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.