Dive Insight:
SonicWall issued an advisory and patched the vulnerability in January. However, researchers from Bishop Fox released a proof of concept earlier this month, and Arctic Wolf subsequently reported attempts to exploit the vulnerability.
SonicWall previously warned that the proof of concept significantly increases the risk of exploitation and urged customers to patch immediately. If upgrading firmware is not possible, the company said disabling the SSL VPN was another option.
The flaw was linked to the improper handling of base64-encoded session cookies. The getSslvpnSessionFromCookie function fails to properly verify session cookies, according to Bishop Fox and Censys.
The vulnerability affects SonicWall TZ, NSa and NSsp series firewalls and NSv series virtual firewalls, according to Censys.
Source: Cybersecurity Dive