Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label firewall exploits. Show all posts
Vulnerabilities and Exploits
Business Security firewall exploits Security Patch SonicWall Vulnerabilities and Exploits

Thousands of SonicWall Devices Vulnerable to Critical Security Threats

 

Thousands of SonicWall network security devices are currently exposed to severe vulnerabilities, with over 20,000 running outdated firmware that no longer receives vendor support. This puts countless organizations at risk of unauthorized access and potential data breaches.

Key Findings of the Study

  • A Bishop Fox study identified more than 25,000 SonicWall SSLVPN devices exposed to the internet, making them easy targets for cybercriminals.
  • The research analyzed over 430,000 SonicWall devices globally and found that 39% of the exposed devices were running Series 7 firewalls, many of which lacked the latest security patches.
  • Over 20,000 devices were found to be running software versions no longer supported by SonicWall, with older Series 5 and Series 6 devices being the most at risk.

Impact of Vulnerabilities

The study highlighted that many of these devices remain susceptible to exploits, including authentication bypasses and heap overflow bugs disclosed earlier this year. Attackers could use these flaws to gain unauthorized access to networks, particularly when both SSL VPN and administration interfaces are exposed online.

Bishop Fox employed advanced fingerprinting techniques to reverse-engineer the encryption securing the SonicOSX firmware, allowing researchers to pinpoint the vulnerabilities specific to each device version.

Risks Posed by Unsupported Firmware

  • Many Series 5 devices, which are largely unsupported, continue to be exposed to the internet, leaving them highly vulnerable to attacks.
  • Series 6 devices, while better maintained, still include a significant number that have not applied the latest patches.
  • Approximately 28% of evaluated devices were found to have critical or high-severity vulnerabilities.

Recommendations for Companies

Organizations using SonicWall devices must take immediate steps to mitigate these risks:

  • Ensure all firmware is updated to the latest version to address known vulnerabilities.
  • Disable public exposure of SSL VPN and administration interfaces to reduce attack surfaces.
  • Regularly audit network security practices and implement robust patch management protocols.

The findings underscore the urgent need for companies to prioritize cybersecurity measures. Neglecting to update firmware and secure network devices can have severe consequences, leaving systems and sensitive data vulnerable to exploitation.

With threats growing increasingly sophisticated, staying proactive about network security is no longer optional—it’s essential.

Read more »
Tesla Vulnerabilities and Exploits
authentication bypass flaw cybersecurity vulnerabilities firewall exploits Palo Alto firewalls PAN-OS attacks privilege escalation vulnerability Tesla Vulnerabilities and Exploits

Thousands of Palo Alto Firewalls Hacked Through Recently Patched Vulnerabilities

 

 
Hackers have successfully breached thousands of Palo Alto Networks firewalls by exploiting two critical vulnerabilities recently addressed by the company.

The flaws include an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface, allowing remote attackers to gain admin privileges, and a privilege escalation vulnerability (CVE-2024-9474) enabling execution of commands on firewalls with root access.

CVE-2024-9474 was disclosed earlier this week, while Palo Alto Networks initially alerted users on November 8 about a potential remote code execution flaw, now identified as CVE-2024-0012. The company continues to investigate attacks leveraging these flaws and has confirmed instances of malware deployment and command execution on compromised firewalls.

"This original activity reported on Nov. 18, 2024 primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services," the company stated on Wednesday.

Unit 42, Palo Alto’s threat intelligence team, added, "At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity."

While Palo Alto claims the impact is limited to "a very small number" of PAN-OS devices, the Shadowserver Foundation reported over 2,700 vulnerable systems globally, with approximately 2,000 already compromised.

In response, the Cybersecurity and Infrastructure Security Agency (CISA) added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch their systems by December 9.

Additionally, CISA flagged another severe vulnerability (CVE-2024-5910) in the Palo Alto Networks Expedition tool, exploited in November, as well as a previous critical flaw (CVE-2024-3400) impacting over 82,000 devices earlier this year.

Palo Alto Networks has urged customers to secure management interfaces:
"Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines," the company advised.
Read more »
Subscribe to: Posts (Atom)