Connect with us

Tech News

NachoVPN Attack Risks Risks Corporate VPN Clients

Published

3 months ago

on

Latest Hacking News

Researchers have discovered a new attack strategy that allows malicious updates to be installed on target systems. Known as “NachoVPN,” this attack specifically targets corporate clients like Palo Alto and SonicWall SSL-VPN clients by exploiting unpatched vulnerabilities.

NachoVPN Attack Enables Malicious Updates

A new attack technique, called NachoVPN, has been demonstrated by researchers from Amberwolf targeting corporate VPN clients. This attack allows threat actors to deceive corporate VPN clients into connecting to rogue endpoints, ultimately enabling them to carry out various malicious activities, including stealing login credentials from the targeted systems.

The attack is effective against most corporate VPN clients, which the researchers have labeled as “Very Pwnable Networks.” In their research, SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN were used as examples. The attack requires the adversary to trick the target user into connecting to an attacker-controlled endpoint through phishing or social engineering. Once successful, the attackers can gain elevated privileges to execute arbitrary codes and conduct other harmful actions.

The researchers have shared technical details about the vulnerability exploits in separate advisories for SonicWall and Palo Alto clients. Watch the video below from HackFest Hollywood 2024 for more information on the “Very Pwnable Networks” targeted by NachoVPN.

The NachoVPN tool has also been released on GitHub for community testing. This tool is compatible with more VPN clients, including Cisco AnyConnect, in addition to the VPNs showcased in the study.

Following the disclosure, the vendors have issued patches to mitigate the vulnerabilities. SonicWall addressed the SSL VPN NetExtender vulnerability (CVE-2024-29014) with the NetExtender Windows (32 and 64 bit) 10.2.341 update. Similarly, Palo Alto Networks fixed the GlobalProtect app vulnerability (CVE-2024-5921) with the GlobalProtect App 6.2.6 and higher releases.

See also  Super Bowl LIX venue officially declared a ‘no drone zone’

Although there was a delay in addressing the issues, the patches are now accessible to users. It is crucial for all users to update their devices promptly to safeguard against potential threats.

We welcome your thoughts in the comments section.

Related Topics:
Continue Reading

Trending