CVE-2024-53704
SonicWall SonicOS SSLVPN Improper Authentication V - [Actively Exploited]
Description
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
INFO
Published Date :
Jan. 9, 2025, 7:15 a.m.
Last Modified :
Feb. 19, 2025, 3:33 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53704
Public PoC/Exploit Available at Github
CVE-2024-53704 has a 8 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2024-53704
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-53704.
| URL | Resource |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
wy876
Python
wy876 POC
备份的漏洞库,3月开始我们来维护
2023HW漏洞整理,收集整理漏洞EXp/POC,大部分漏洞来源网络,目前收集整理了300多个poc/exp,长期更新。
漏洞文库 wiki.wy876.cn
HTML
demonstriert, wie mittels missbräuchlicher Nutzung eines Swap-Cookies eine VPN-Session übernommen werden kann. Wichtig: Dieses Projekt dient ausschliesslich zu Bildungs- und Forschungszwecken – bitte nur in Umgebungen verwenden, in denen Du explizit authorisiert bist.
Python
A repo for output of an intrusion prediction project
Jupyter Notebook
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
cisa-kev vulnerability 0day cisa exploits
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-53704 vulnerability anywhere in the article.
-
TheCyberThrone
SonicWall impacted by CVE-2025-23009 and CVE-2025-23010
Two vulnerabilities, CVE-2025-23009 and CVE-2025-23010, affecting the SonicWall NetExtender Windows Client, have been disclosed. These vulnerabilities pose medium risks but highlight the importance of ... Read more
-
Cyber Security News
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches
Welcome to this week’s Cybersecurity Newsletter, providing you with the latest updates and essential insights from the rapidly evolving field of cybersecurity. Keeping updated is essential in the rapi ... Read more
-
Cyber Security News
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access
Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability tracked as CVE-2024-53704, with a critica ... Read more
-
The Register
Malware variants that target operational tech systems are very rare – but 2 were found last year
Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildi ... Read more
-
The Register
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to re ... Read more
-
security.nl
Securitybedrijf publiceert exploit voor kritiek lek in duizenden SonicWall-firewalls
Securitybedrijf Bishop Fox heeft een exploit voor een kritieke kwetsbaarheid in firewalls van fabrikant SonicWall gepubliceerd waardoor ruim vierduizend apparaten risico lopen te worden aangevallen. E ... Read more
-
BleepingComputer
SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the Sonic ... Read more
-
Help Net Security
Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedi ... Read more
-
security.nl
'Vijfduizend SonicWall-firewalls bevatten kritiek authenticatie-lek in vpn-functie'
Vijfduizend firewalls van fabrikant SonicWall bevatten een kritiek authenticatie-lek in de vpn-functie, zo stelt securitybedrijf Bishop Fox op basis van eigen onderzoek. SonicWall kwam op 7 januari me ... Read more
-
Help Net Security
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The ... Read more
-
BleepingComputer
SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has bee ... Read more
-
TheCyberThrone
TheCyberThrone Security Weekly Review – January 11, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 11, 2025.Redis was affected by CV ... Read more
-
TheCyberThrone
Chinese MirrorFace APT targets Japan
The MirrorFace Advanced Persistent Threat (APT) group, also known as Earth Kasha, has been linked to a series of cyber-attacks targeting Japan. These attacks have been ongoing since 2019 and have prim ... Read more
-
TheCyberThrone
CVE-2024-5594 impacts OpenVPN
CVE-2024-5594 is a critical vulnerability identified in OpenVPN versions prior to 2.6.11. This vulnerability stems from improper sanitization of PUSH_REPLY messages, which allows attackers to inject u ... Read more
-
TheCyberThrone
CVE-2024-49415 : Samsung Android devices Impacted
CVE-2024-49415 is a critical vulnerability found in Samsung devices running Android versions 12, 13, and 14. This vulnerability was discovered by researchers from Google Project Zero, a team dedicated ... Read more
-
TheCyberThrone
CVE-2024-53704 impacts SonicWall
CVE-2024-53704 is a high-severity vulnerability impacting SonicWall’s SSLVPN authentication mechanism. This flaw, with a CVSS score of 8.2, allows remote attackers to bypass authentication and gain un ... Read more
The following table lists the changes that have been made to the
CVE-2024-53704 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 19, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CPE Configuration AND OR *cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* versions from (including) 7.1.1-7040 up to (including) 7.1.1-7058 *cpe:2.3:o:sonicwall:sonicos:7.1.2-7019:*:*:*:*:*:*:* OR cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:sonicwall:sonicos:8.0.0-8035:*:*:*:*:*:*:* OR cpe:2.3:h:sonicwall:tz80:-:*:*:*:*:*:*:* Changed Reference Type https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 No Types Assigned https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 Vendor Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Feb. 19, 2025
Action Type Old Value New Value Added Date Added 2025-02-18 Added Due Date 2025-03-11 Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name SonicWall SonicOS SSLVPN Improper Authentication Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 18, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 18, 2025
Action Type Old Value New Value Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 18, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 09, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -
New CVE Received by [email protected]
Jan. 09, 2025
Action Type Old Value New Value Added Description An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. Added CWE CWE-287 Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-53704 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-53704
weaknesses.