"By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviors, execute arbitrary commands, and gain high levels of access with minimal effort," AmberWolf said in an analysis.
"In a hypothetical attack scenario, this plays out in the form of a rogue VPN server that can trick the clients into downloading malicious updates that can cause unintended consequences."
"The identified flaws are CVE-2024-5921, with a CVSS score of 5.6, affecting Palo Alto Networks GlobalProtect, and CVE-2024-29014, with a score of 7.1, affecting SonicWall SMA100 NetExtender."
Collection
[
|
...
]