Aikido Exploit and Its Impact on SonicWall Capture Client



On December 7, 2022, a SafeBreach security researcher disclosed a vulnerability dubbed “Aikido,” with subsequent proof-of-concept (POC) exploit code that can potentially turn EDR agents running on Microsoft Windows endpoints into malicious data wipers.

The exploit has been confirmed to work with six vulnerable EDR products, including the SentinelOne Agent for Microsoft Windows. SonicWall Capture Client leverages the SentinelOne Agent to deliver advanced endpoint protection.

The SonicWall Product Security & Incident Response Team (PSIRT) is not aware of active exploitation in the wild. While reports of a proof of concept have been made public by the SafeBreach researcher, malicious use of this vulnerability has not been reported to SonicWall.


The Aikido exploit affects SonicWall Capture Client users with SentinelOne Agent for Windows on all versions older than 22.3.


SentinelOne has released a policy override that can be enabled on affected endpoints running versions, or to fix the vulnerability. SonicWall has applied this policy override to all affected endpoints running SonicWall Capture Client.


SentinelOne released a Security Notice on December 9, 2022, confirming that the vulnerability exploited by Aikido was fixed in their SentinelOne Agent 22.3 for Windows. However, this agent is currently only in Early Availability.

SonicWall has promoted this version as a SonicWall-managed release, which will trigger an automatic update for all endpoints configured with a SonicWall-managed release as part of the Client policy.

Customers managing endpoints with a Self-Managed release older than SentinelOne Agent for Windows are recommended to upgrade to the latest SonicWall-managed release for the SentinelOne Agent for Windows.

