Here’s the translation of your text into American English:
Researchers in cybersecurityCybersecurity solutions are essential in the digital age… have revealed serious flaws in the client update process of corporate VPNA VPN, short for Virtual Private Network, enables private… applications, specifically Palo Alto Networks GlobalProtect and SonicWall NetExtender, which could allow attackers to execute code remotely on users’ devices. These vulnerabilities, identified as CVE-2024-5921 and CVE-2024-29014, expose companies to significant risks in corporate environments.
Details of the Vulnerabilities
The vulnerability CVE-2024-5921 affects versions of GlobalProtect on Windows, macOS, and Linux systems. According to researchers from AmberWolf, the flaw allows an attacker to connect the GlobalProtect application to arbitrary servers, enabling the installation of malicious root certificates and, consequently, fraudulently signed software. On Windows and macOS systems, attackers could execute remote code and escalate privileges by taking advantage of the automatic update mechanism.
In the case of CVE-2024-29014, which affects SonicWall NetExtender in versions prior to 10.2.341 for Windows, attackers can execute code with SYSTEM privileges during a client update. A user could be deceived into connecting to a malicious VPN server, from which a fraudulent update of the Endpoint Control (EPC) client would be installed.
Solutions and Mitigations
Palo Alto Networks has released an update for GlobalProtect (version 6.2.6 and above on Windows), which introduces additional configuration parameters to enhance certificate validation. However, macOS and Linux versions still do not have a patch available. As a mitigation measure, the company recommends enabling FIPS-CC mode on affected devices.
On its part, SonicWall has patched the vulnerability in NetExtender with version 10.2.341 for Windows and later. Additionally, experts suggest implementing firewall rules to restrict access to known and legitimate VPN servers, reducing the risk of users connecting to malicious servers.
Testing Tools and Context
To demonstrate the vulnerabilities, researchers have developed NachoVPN, an open-source tool that simulates malicious VPN servers capable of exploiting these flaws. According to AmberWolf, these discoveries highlight the inherent risks associated with using high-privilege VPN clients on operating systems, underscoring the importance of strengthening their security.
Risk to Businesses
VPN clients are essential for secure remote access, but these vulnerabilities reveal that if they are not properly protected, they can become a significant attack vector. Companies that rely on these tools for their operations must prioritize updates and consider implementing immediate mitigation measures.
This finding underscores the need for a proactive approach to cybersecurity, especially in the current context where attacks on critical and business infrastructure are on the rise. Palo Alto Networks and SonicWall have urged their users to update affected systems and follow best security practices to minimize risks.
References: OpenSecurity, Palo Alto, HelpNetSecurity, and NachoVPN.