

Ethical Hacking News

New NachoVPN Attack: Rogue VPN Servers Install Malicious Updates




A new cybersecurity threat, dubbed "NachoVPN," has been discovered, allowing rogue VPN servers to install malicious updates on unpatched clients. AmberWolf security researchers identified this vulnerability, and SonicWall and Palo Alto Networks have released patches to address the issue.

  • NachoVPN is a cybersecurity threat that allows rogue VPN servers to install malicious updates on unpatched Palo Alto and SonicWall SSL-VPN clients.
  • The vulnerabilities were discovered by AmberWolf security researchers; attackers rely on social engineering or phishing to get targets to connect to an attacker-controlled VPN server.
  • The attack exploits vulnerabilities in the VPN clients, allowing attackers to steal login credentials, execute arbitrary code, and launch man-in-the-middle (MitM) attacks.
  • SonicWall has released patches for CVE-2024-29014, while Palo Alto Networks released security updates for CVE-2024-5921.
  • An AmberWolf open-source tool called "NachoVPN" simulates rogue VPN servers to exploit the vulnerabilities.
  • AmberWolf has made technical information and recommendations available for defenders to address the vulnerability.



    A recent cybersecurity threat has been identified, dubbed "NachoVPN," which allows rogue VPN servers to install malicious updates on unpatched Palo Alto and SonicWall SSL-VPN clients. This vulnerability was discovered by AmberWolf security researchers, who found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using social engineering or phishing attacks.

    The "NachoVPN" attack works by exploiting a set of vulnerabilities in the aforementioned VPN clients. When an unpatched client connects to a rogue VPN server, the server can install malicious updates, steal login credentials, execute arbitrary code with elevated privileges, and enable man-in-the-middle (MitM) attacks or code-signing forgery.

    SonicWall released patches for the CVE-2024-29014 NetExtender vulnerability in July, while Palo Alto Networks released security updates today for the CVE-2024-5921 GlobalProtect flaw. AmberWolf also disclosed additional details regarding the two vulnerabilities and released an open-source tool dubbed "NachoVPN," which simulates rogue VPN servers that can exploit these vulnerabilities.

    The "NachoVPN" tool is platform-agnostic, capable of identifying different VPN clients and adapting its response based on the specific client connecting to it. It also supports various popular corporate VPN products, including Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect, and Ivanti Connect Secure. AmberWolf has made technical information regarding the vulnerabilities available in advisories, along with attack vector details and recommendations for defenders.

    The NachoVPN attack highlights the ongoing threat of social engineering attacks on unpatched software clients. It also emphasizes the importance of keeping VPN client software up to date and being cautious when receiving links or attachments from unknown sources.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/

  • https://www.bleepingcomputer.com/tag/nachovpn/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-29014

  • https://www.cvedetails.com/cve/CVE-2024-29014/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-5921

  • https://www.cvedetails.com/cve/CVE-2024-5921/


  • Published: Tue Nov 26 18:13:38 2024 by llama3.2 3B Q4_K_M













         

