26 January 2021

Security researcher releases an exploit for SonicWall VPNs



A former member of the infamous hacktivist collective Lulz Security (LulzSec) has shared a zero-day exploit for a popular SonicWall VPN application, which utilizes the same vulnerabilities used by a notorious hacktivist known as Phineas Phisher to compromise the Italian spyware vendor Hacking Team and other companies.

On Monday, security researcher Darren Martyn published the exploit on his blog, after SonicWall revealed that hackers had breached its internal systems using a zero-day flaw in its remote access tools.

“I’ve been sitting on this one for quite a while now, and figured what with SonicWall back in the news for getting owned via some 0days in their own s**t products, it would be somewhat amusing to release this,” Martyn wrote.

The researcher explained that SonicWall “Virtual Office” SSL-VPN products ship with an outdated version of Bash vulnerable to ShellShock, which makes them vulnerable to unauthenticated remote code execution (as a “nobody” user) via the /cgi-bin/jarrewrite.sh URL.

“The exploit is incredibly trivial. We simply spaff a shellshock payload containing a bash /dev/tcp backconnect at it, and we get a shell. Now, the environment on these things is incredibly limited – it's stripped down Linux. But we have bash, openssl, and FTP. So you could always download your own toolkit for further exploitation,” Martyn said.

The researcher withheld details on how to gain administrative privileges on the SonicWall VPN, to prevent unskilled hackers from simply copy-pasting the exploit and using it in their attacks.

Following publication of the exploit code, SonicWall said that the vulnerabilities this exploit relies on had already been patched.

“The vulnerability that this post is referencing was patched in 2015 in SMA 8.0.0.4. It cannot be exploited in version 9 or 10,” the company said in a message on Twitter.
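A log check for the request pattern described above (a Bash function-definition string in a request header, particularly on /cgi-bin/jarrewrite.sh), added here as an example and not taken from Martyn's post or from SonicWall. It assumes request logs are available in Apache combined log format; the sample lines are constructed and their payload bodies are replaced by a placeholder.

```python
import re

CGI_PATH = "/cgi-bin/jarrewrite.sh"      # endpoint named in the article
FUNC_DEF = re.compile(r"\(\)\s*\{")      # header value opening a Bash function definition
DEV_TCP = re.compile(r"/dev/tcp/")       # Bash network redirection (the "backconnect")

# Assumed layout: Apache combined log format (request, status, size, referer, user-agent).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)

def scan(lines):
    """Return one finding per log line whose logged headers carry a Shellshock marker."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed format; a real pipeline should count these
        reasons = []
        for field in ("referer", "agent"):
            value = m.group(field)
            if FUNC_DEF.search(value):
                reasons.append(f"function definition in {field}")
            if DEV_TCP.search(value):
                reasons.append(f"/dev/tcp redirection in {field}")
        if reasons:
            # Ignore any query string when comparing against the CGI endpoint.
            on_cgi = m.group("path").split("?", 1)[0] == CGI_PATH
            findings.append({
                "ip": m.group("ip"), "time": m.group("ts"), "path": m.group("path"),
                "status": int(m.group("status")),
                "severity": "high" if on_cgi else "medium",
                "reasons": reasons,
            })
    return findings

# Constructed sample lines (documentation IP ranges, placeholder payloads).
SAMPLE = [
    '198.51.100.7 - - [26/Jan/2021:10:01:02 +0000] "GET /cgi-bin/jarrewrite.sh HTTP/1.1" 200 12 "-" "() { :; }; [payload removed]"',
    '192.0.2.10 - - [26/Jan/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [26/Jan/2021:10:03:00 +0000] "GET /index.html HTTP/1.1" 404 0 "() { x; }; [payload removed]" "curl/7.68.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["ip"], f["path"], f["status"], "; ".join(f["reasons"]))
```

Combined-format logs record only the Referer and User-Agent headers, so a marker sent in any other header will not appear in them.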

