Researchers have identified a new attack technique that allows malicious updates to be installed on target systems. Dubbed “NachoVPN,” the attack targets corporate clients, such as Palo Alto and SonicWall SSL-VPN clients, by exploiting unpatched vulnerabilities.
NachoVPN Attack Allows Malicious Updates
Researchers from Amberwolf have demonstrated a new attack targeting corporate VPN clients. The “NachoVPN” attack allows adversaries to trick corporate VPN clients into connecting to rogue endpoints. Ultimately, it enables the attackers to perform various malicious actions, such as stealing login credentials from the target systems.
Specifically, the attack works against most corporate VPN clients, which the researchers call “Very Pwnable Networks.” In their study, the researchers demonstrated the attack against two popular VPN clients: SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN. In short, the attack requires an adversary to trick the target user into connecting to an attacker-controlled endpoint via phishing or social engineering. Once done, the attackers could gain elevated privileges to execute arbitrary code and perform other malicious actions.
The following video from HackFest Hollywood 2024 includes details about the “Very Pwnable Networks” that the researchers could target with NachoVPN. They have also shared technical details about the vulnerability exploits in separate advisories for SonicWall and Palo Alto clients.
The researchers also released the NachoVPN tool on GitHub for the community to test. This tool works for more VPN clients, such as Cisco AnyConnect, in addition to the two VPNs demonstrated in the study.
Following the report, the vendors patched the vulnerabilities accordingly. Specifically, SonicWall patched the vulnerability affecting its SSL VPN NetExtender, CVE-2024-29014, with NetExtender Windows (32 and 64 bit) 10.2.341. Likewise, Palo Alto Networks also addressed the flaw affecting its GlobalProtect app, CVE-2024-5921, with GlobalProtect App 6.2.6 and higher releases.
While the vendors took time to address the issues, the patches are now available for the users. Hence, all users must update their devices to avoid potential threats.
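As an added example (not code from the researchers or the vendors), the following script audits a software inventory export against the two fixed versions named above and flags hosts that still need the update. The CSV layout, host names, product display names and version string formats are constructed assumptions; adapt them to whatever your inventory tool exports.

```python
import csv
import io
import re

# Fixed versions as stated in the article above; product keys are assumed display names.
FIXED = {
    "sonicwall netextender": ("CVE-2024-29014", (10, 2, 341)),
    "globalprotect": ("CVE-2024-5921", (6, 2, 6)),
}

# Constructed sample inventory (host, product, version); not real data.
SAMPLE_INVENTORY = """host,product,version
ws-001,SonicWall NetExtender,10.2.339
ws-002,SonicWall NetExtender,10.2.341
ws-003,GlobalProtect,6.2.4-652
ws-004,GlobalProtect,6.3.1
ws-005,GlobalProtect,unknown
ws-006,Example Editor,1.0
"""

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple, or None if absent."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_patched(installed, fixed):
    """Compare tuples after zero-padding, so 6.3 is treated as 6.3.0."""
    width = max(len(installed), len(fixed))
    a = installed + (0,) * (width - len(installed))
    b = fixed + (0,) * (width - len(fixed))
    return a >= b

def audit(inventory_csv):
    """Return (host, product, version, cve, status) for each tracked VPN client."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        entry = FIXED.get(row["product"].strip().lower())
        if entry is None:
            continue  # not one of the two clients with fixed versions listed above
        cve, fixed = entry
        installed = parse_version(row["version"])
        if installed is None:
            status = "UNKNOWN"  # unparseable version string: review by hand
        else:
            status = "OK" if is_patched(installed, fixed) else "UPDATE"
        findings.append((row["host"], row["product"], row["version"], cve, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Rows with an unparseable version are reported as UNKNOWN rather than silently passed, so they can be checked by hand.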