{"id":1557,"date":"2025-02-26T10:46:50","date_gmt":"2025-02-26T10:46:50","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1557"},"modified":"2025-02-26T10:46:50","modified_gmt":"2025-02-26T10:46:50","slug":"more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/","title":{"rendered":"More than 400 SonicWall firewall instances remain vulnerable to attack"},"content":{"rendered":"

Dive Insight:
\nSonicWall issued an advisory and patched the vulnerability in January. However, researchers from Bishop Fox released a proof of concept earlier this month, and Arctic Wolf subsequently reported attempts to exploit the vulnerability.<\/p>\n

SonicWall previously warned the proof of concept significantly increases the risk of exploitation and urged customers to immediately patch. If upgrading firmware is not possible, the company said disabling the SSL VPN was another option.<\/p>\n

The flaw was linked to the improper handling of base64-encoded session cookies. The getSslvpnSessionFromCookie function fails to properly verify session cookies, according to Bishop Fox and Censys.<\/p>\n

The vulnerability affects SonicWall TZ, NSa, NSsp series firewalls and NSv series virtual firewalls, according to Censys.<\/p>\n

Read the Full Story Here<\/a><\/p>\n

Source: Cybersecurity Dive<\/p>\n","protected":false},"excerpt":{"rendered":"

Dive Insight: SonicWall issued an advisory and patched the vulnerability in January. However, researchers from Bishop Fox released a proof of concept earlier this month, and Arctic Wolf subsequently reported attempts to exploit the vulnerability. SonicWall previously warned the proof of concept significantly increases the risk of exploitation and urged customers to immediately patch. If […]<\/p>\n","protected":false},"author":2,"featured_media":1470,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1557","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"\nMore than 400 SonicWall firewall instances remain vulnerable to attack - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"More than 400 SonicWall firewall instances remain vulnerable to attack - Community\" \/>\n<meta property=\"og:description\" content=\"Dive Insight: SonicWall issued an advisory and patched the vulnerability in January. However, researchers from Bishop Fox released a proof of concept earlier this month, and Arctic Wolf subsequently reported attempts to exploit the vulnerability. SonicWall previously warned the proof of concept significantly increases the risk of exploitation and urged customers to immediately patch. If […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-26T10:46:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1279\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/\",\"name\":\"More than 400 SonicWall firewall instances remain vulnerable to attack - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg\",\"datePublished\":\"2025-02-26T10:46:50+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg\",\"width\":1279,\"height\":853},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"More than 400 SonicWall firewall instances remain vulnerable to attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"More than 400 SonicWall firewall instances remain vulnerable to attack - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/","og_locale":"en_US","og_type":"article","og_title":"More than 400 SonicWall firewall instances remain vulnerable to attack - Community","og_description":"Dive Insight: SonicWall issued an advisory and patched the vulnerability in January. However, researchers from Bishop Fox released a proof of concept earlier this month, and Arctic Wolf subsequently reported attempts to exploit the vulnerability. SonicWall previously warned the proof of concept significantly increases the risk of exploitation and urged customers to immediately patch. If […]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-02-26T10:46:50+00:00","og_image":[{"width":1279,"height":853,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/","name":"More than 400 SonicWall firewall instances remain vulnerable to attack - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg","datePublished":"2025-02-26T10:46:50+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/11\/ransomware.jpg","width":1279,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/more-than-400-sonicwall-firewall-instances-remain-vulnerable-to-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"More than 400 SonicWall firewall instances remain vulnerable to attack"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1557","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1557"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1557\/revisions"}],"predecessor-version":[{"id":1558,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1557\/revisions\/1558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1470"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}