Security News > 2024 > November > Researchers reveal exploitable flaws in corporate VPN clients
2024-11-26 15:33
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App on Windows, macOS and Linux, and stems from insufficient certification validation. It enables attackers to connect the GlobalProtect app to arbitrary servers, the company confirmed, and noted that this may result in attackers installing malicious … More → The post Researchers reveal exploitable flaws in corporate VPN clients appeared first on Help Net Security.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-27 | CVE-2024-5921 | An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. | 0.0 |
| 2024-07-18 | CVE-2024-29014 | Unspecified vulnerability in Sonicwall Netextender Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | 8.8 |