Application security

Security Advisory

Important Security Alert: SonicWall Issues Patch for SSL-VPN Vulnerabilities 

SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.

The flaw, identified as CVE-2024-53704, poses a significant security risk, allowing attackers to exploit the system remotely. Administrators are strongly encouraged to update their systems immediately to mitigate potential threats. SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.

Key Details:

  • The vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems.
  • It impacts SonicWall’s SSL-VPN products, widely used for secure remote access.
  • Exploitation of this bug could lead to severe consequences, including unauthorized access to sensitive data, network infiltration, and system compromise.

Summary 

OEM SonicWall 
Severity High 
CVSS 8.2 
CVEs CVE-2024-53704 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

The security flaw, tracked as CVE-2024-53704, presents a serious risk, enabling remote exploitation by attackers. Administrators are highly advised to apply the necessary patches without delay to protect against potential threats.  

Vulnerability Name CVE ID Product Affected Severity Affected Version 
Improper Authentication CVE-2024-53704 SonicWall  High 7.1.x (7.1.1-7058 and older), 7.1.2-7019 
8.0.0-8035 
A privilege escalation vulnerability CVE-2024-53706 SonicWall High  7.1.x (7.1.1-7058 and older), 7.1.2-7019 
A weakness in the SSLVPN authentication token generator CVE-2024-40762 SonicWall High  7.1.x (7.1.1-7058 and older), 7.1.2-7019 
A server-side request forgery (SSRF) vulnerability CVE-2024-53705 SonicWall Medium 6.5.4.15-117n and older 
7.0.x (7.0.1-5161 and older) 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2024-53704  Gen7 Firewalls, Gen7 NSv, TZ80 An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.  Bypass authentication 
 CVE-2024-53706  Gen7 Cloud Platform NSv A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.  Allow attackers to gain root privileges and potentially execute code. 
  CVE-2024-40762  Gen7 Firewalls, Gen7 NSv, TZ80 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. Weak PRNG in authentication tokens can lead to authentication bypass in SSLVPN. 
 CVE-2024-53705  Gen6 Hardware Firewalls, Gen7 Firewalls, Gen7 NSv A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. Allow attackers to establish TCP connections to arbitrary IP addresses and ports 

Remediation

  • Update: Impacted users are recommended to upgrade to the following versions to address the security risk: 
 Firewalls Versions Fixes and Releases 
Gen 6 / 6.5 hardware firewalls SonicOS 6.5.5.1-6n or newer 
Gen 6 / 6.5 NSv firewalls SonicOS 6.5.4.v-21s-RC2457 or newer 
Gen 7 firewalls SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher 
TZ80: SonicOS SonicOS 8.0.0-8037 or newer 

Recommendations: 

  • Patch Without Delay: Install the latest firmware update from SonicWall to resolve this vulnerability. Detailed instructions are available in SonicWall’s official advisory. 
  • Monitor Network Activity: Regularly monitor network traffic for signs of suspicious or unauthorized access. 
  • Limit Access: Restrict VPN access to trusted users and enforce Multi-Factor Authentication (MFA) for all accounts. 
  • Stay Updated: Subscribe to SonicWall’s security alerts and updates to stay informed about upcoming vulnerabilities. 

References: 

Security Advisory

Critical Windows Privilege Escalation Vulnerability with Public Exploit

Cybersecurity researchers reported a critical Windows privilege escalation vulnerability, identified as CVE-2024-43641 affecting Microsoft Windows. This flaw, which affects various editions of Windows Server 2025, Windows 10, and Windows 11, has been assigned a CVSS v3.1 score of 7.8, indicating high severity.

Summary 

OEM Microsoft 
Severity High 
CVSS 7.8 
CVEs CVE-2024-43641 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A significant Windows Registry Elevation of Privilege vulnerability, identified as CVE-2024-43641, affects multiple editions of Windows. A recently released Proof-of-Concept (PoC) exploit demonstrates how attackers can exploit this flaw to gain elevated privileges. 

Vulnerability Name CVE ID Product Affected Severity 
Windows Registry Elevation of Privilege Vulnerability  CVE-2024-43641  Windows    High 

Technical Summary 

The vulnerability, CVE-2024-43641, exploits a design flaw in Windows registry hive memory management, specifically during a double-fetch process under memory pressure. This flaw allows malicious SMB servers to respond with differing data for consecutive read requests, breaking kernel assumptions and enabling privilege escalation to SYSTEM level. Key technical details are as follows: 

CVE ID System Affected Vulnerability Details Impact 
CVE-2024-43641 Windows 10, Windows 11, Windows Server 2008–2025 The vulnerability involves improper handling of registry hive memory management under memory pressure. A malicious SMB server can respond with differing data to consecutive read requests, breaking kernel assumptions. Exploitation leverages a “False File Immutability” (FFI) condition. Allows attackers to escalate privileges, execute arbitrary code, and compromise system integrity. 

Remediation

  • Apply Patches: Users and system administrators are strongly advised to promptly apply the latest security updates. 
  • Monitor Activity: 
  • Monitor logs for suspicious activity related to registry operations. 
  • The cybersecurity community is actively monitoring the situation for any indications of active exploitation in the wild. 

Conclusion: 

CVE-2024-43641 is a high-severity vulnerability with a publicly available PoC exploit. It is crucial to apply security patches immediately and follow best practices to mitigate the risk of exploitation. Organizations must stay alert and monitor ongoing developments to ensure complete protection against this emerging threat. 

References: 

Cybersecurity News

Adobe released Security updates Addressing critical ColdFusion vulnerability with (PoC) Exploit code

Adobe released security updates (APSB24-107) addressing an arbitrary file system vulnerability ColdFusion, identified as CVE-2024-53961,  is linked to a path traversal weakness with proof-of-concept (PoC) exploit code.

This could allow attackers to exploit the flaw and gain unauthorized access to arbitrary files on vulnerable servers. 

As per the updates Adobe ColdFusion versions 2023 and 2021 that addressed an arbitrary file proof-of-concept may enable attackers to read arbitrary files on vulnerable servers, potentially leading to unauthorized access and data exposure warns of critical ColdFusion bug with PoC exploit code.

Summary:

“Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read,” Adobe earlier gave statement cautioning customers that it assigned a “Priority 1” severity rating to the flaw because it has a “a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.”

Key findings:

  • The vulnerability, CVE-2024-53961, affects ColdFusion 2021 and 2023.
  • Adobe has provided a patch to address the issue.
  • The vulnerability can potentially lead to unauthorized access and data exposure
  • The flaw has been given a Priority 1 severity rating, the highest possible level, due to its potential for exploitation in the wild.
  • Adobe has highlighted the critical nature of these updates and classified the vulnerability with a CVSS base score of 7.4, signifying a threat to the security of affected systems. 

Adobe has issued advisory

  • Monitor systems for any signs of exploitation.
  • Adobe has provided a patch to address the vulnerability remediation to mitigate the risk of exploitation.
  • Consider implementing file system monitoring and logging to detect and prevent unauthorized file access.

Path traversal weakness in ColdFusion; CVE-2024-53961

What is Path Traversal?

Hackers uses a tactics by Tricking a web application into displaying the contents of a directory that was not on request by user to gain access to sensitive files on a server.

The path traversal weakness in ColdFusion could be exploited by an attacker to perform unauthorized file system reads on affected servers.

This means that an attacker could manipulate file paths to access sensitive files that are otherwise restricted. This kind of vulnerability can lead to exposure of critical system information, unauthorized access and data exposure.

Reference: https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/

Scroll to top