You're listening to the Cyberwire Network, powered by N2K.

AI adoption is exploding, and security teams are under pressure to keep up.

That's why the industry is coming together at the Datasec AI conference,

the premier event for cybersecurity data and AI leaders, hosted by data security leader,

Saira.

Built for the industry, by the industry, this two-day conference is where real-world insights and bold solutions take center stage.

Datasek AI 25 is happening November 12th and 13th in Dallas.

There's no cost to attend.

Just bring your perspective and join the conversation.

Register now at Datasek AI 2025.com backslash cyberwire.

Thank you. dot com backslash cyberwire. Hello everyone and welcome to the CyberWire's research Saturday.

I'm Dave Bittner and this is our weekly conversation with researchers and analysts

tracking down the threats and vulnerabilities, solving some of the hard problems and protecting

ourselves in a rapidly evolving cyberspace. Thanks for joining us.

We're diving into this because we were interested in getting more familiar with the Sonic Wall Next Generation Firewall Platform, Sonic OS.

It's been the subject of a lot of vulnerabilities in the past, and we wanted to be prepared to be able to research in the platform, you know, whenever anything new came out.

That's John Williams, senior security engineer at Bishop Fox.

The research we're discussing today is titled Sonic Wall Firewalls are publicly exploitable.

And so in order to do that, I went back and looked through the history of all the different advisories that had been released, looking for things that were unauthenticated, had a

potential for remote code execution, and didn't have a known proof of concept. And the one bug that jumped out at me was this one from 2022, which met all those criteria.

So I figured it was a good research target and dove in to see if we could exploit it.

And we're pretty successful in the end.

...