Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App on Windows, macOS and Linux, and stems from insufficient certification validation. It enables attackers to connect the GlobalProtect app to arbitrary servers, the company confirmed, and noted that this may result in attackers installing malicious … More
The post Researchers reveal exploitable flaws in corporate VPN clients appeared first on Help Net Security.
