Known Exploited Vulnerability
9.8
CRITICAL
CVE-2024-53704
SonicWall SonicOS SSLVPN Improper Authentication V - [Actively Exploited]
Description

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

INFO

Published Date :

Jan. 9, 2025, 7:15 a.m.

Last Modified :

Feb. 19, 2025, 3:33 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53704

Public PoC/Exploit Available at Github

CVE-2024-53704 has a 8 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-53704 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Sonicwall sonicos
2 Sonicwall nsa_2700
3 Sonicwall nsa_3700
4 Sonicwall nsa_4700
5 Sonicwall nsa_5700
6 Sonicwall nsa_6700
7 Sonicwall nssp_10700
8 Sonicwall nssp_11700
9 Sonicwall nssp_13700
10 Sonicwall nsv_270
11 Sonicwall nsv_470
12 Sonicwall nsv_870
13 Sonicwall tz270
14 Sonicwall tz270w
15 Sonicwall tz370
16 Sonicwall tz370w
17 Sonicwall tz470
18 Sonicwall tz470w
19 Sonicwall tz570
20 Sonicwall tz570p
21 Sonicwall tz570w
22 Sonicwall tz670
23 Sonicwall nssp_15700
24 Sonicwall tz80
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-53704.

URL Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

wy876

Python

Updated: 4 days, 5 hours ago
0 stars 1 fork 1 watcher
Born at : April 11, 2025, 4:25 a.m. This repo has been linked 208 different CVEs too.

wy876 POC

Updated: 2 days, 1 hour ago
250 stars 167 fork 167 watcher
Born at : March 7, 2025, 10:17 a.m. This repo has been linked 201 different CVEs too.

备份的漏洞库,3月开始我们来维护

Updated: 1 day, 21 hours ago
793 stars 262 fork 262 watcher
Born at : March 4, 2025, 2:54 p.m. This repo has been linked 208 different CVEs too.

2023HW漏洞整理,收集整理漏洞EXp/POC,大部分漏洞来源网络,目前收集整理了300多个poc/exp,长期更新。

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : March 3, 2025, 6:09 a.m. This repo has been linked 177 different CVEs too.

漏洞文库 wiki.wy876.cn

HTML

Updated: 2 days, 19 hours ago
58 stars 48 fork 48 watcher
Born at : Feb. 26, 2025, 9:46 a.m. This repo has been linked 201 different CVEs too.

demonstriert, wie mittels missbräuchlicher Nutzung eines Swap-Cookies eine VPN-Session übernommen werden kann. Wichtig: Dieses Projekt dient ausschliesslich zu Bildungs- und Forschungszwecken – bitte nur in Umgebungen verwenden, in denen Du explizit authorisiert bist.

Python

Updated: 1 month, 2 weeks ago
2 stars 0 fork 0 watcher
Born at : Feb. 11, 2025, 8:43 p.m. This repo has been linked 1 different CVEs too.

A repo for output of an intrusion prediction project

Jupyter Notebook

Updated: 4 days, 13 hours ago
3 stars 0 fork 0 watcher
Born at : Jan. 4, 2025, 1:44 a.m. This repo has been linked 28 different CVEs too.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 2 weeks ago
562 stars 39 fork 39 watcher
Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1268 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-53704 vulnerability anywhere in the article.

  • TheCyberThrone
SonicWall impacted by CVE-2025-23009 and CVE-2025-23010

Two vulnerabilities, CVE-2025-23009 and CVE-2025-23010, affecting the SonicWall NetExtender Windows Client, have been disclosed. These vulnerabilities pose medium risks but highlight the importance of ... Read more

Published Date: Apr 11, 2025 (4 days, 8 hours ago)
  • Cyber Security News
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches

Welcome to this week’s Cybersecurity Newsletter, providing you with the latest updates and essential insights from the rapidly evolving field of cybersecurity. Keeping updated is essential in the rapi ... Read more

Published Date: Apr 07, 2025 (1 week, 1 day ago)
  • Cyber Security News
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access

Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability tracked as CVE-2024-53704, with a critica ... Read more

Published Date: Apr 03, 2025 (1 week, 4 days ago)
  • The Register
Malware variants that target operational tech systems are very rare – but 2 were found last year

Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildi ... Read more

Published Date: Feb 25, 2025 (1 month, 3 weeks ago)
  • The Register
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to re ... Read more

Published Date: Feb 21, 2025 (1 month, 3 weeks ago)
  • security.nl
Securitybedrijf publiceert exploit voor kritiek lek in duizenden SonicWall-firewalls

Securitybedrijf Bishop Fox heeft een exploit voor een kritieke kwetsbaarheid in firewalls van fabrikant SonicWall gepubliceerd waardoor ruim vierduizend apparaten risico lopen te worden aangevallen. E ... Read more

Published Date: Feb 12, 2025 (2 months ago)
  • BleepingComputer
SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the Sonic ... Read more

Published Date: Feb 11, 2025 (2 months ago)
  • Help Net Security
Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedi ... Read more

Published Date: Jan 28, 2025 (2 months, 2 weeks ago)
  • security.nl
'Vijfduizend SonicWall-firewalls bevatten kritiek authenticatie-lek in vpn-functie'

Vijfduizend firewalls van fabrikant SonicWall bevatten een kritiek authenticatie-lek in de vpn-functie, zo stelt securitybedrijf Bishop Fox op basis van eigen onderzoek. SonicWall kwam op 7 januari me ... Read more

Published Date: Jan 28, 2025 (2 months, 2 weeks ago)
  • Help Net Security
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The ... Read more

Published Date: Jan 27, 2025 (2 months, 2 weeks ago)
  • BleepingComputer
SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has bee ... Read more

Published Date: Jan 23, 2025 (2 months, 3 weeks ago)
  • TheCyberThrone
TheCyberThrone Security Weekly Review – January 11, 2025

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 11, 2025.Redis was affected by CV ... Read more

Published Date: Jan 12, 2025 (3 months ago)
  • TheCyberThrone
Chinese MirrorFace APT targets Japan

The MirrorFace Advanced Persistent Threat (APT) group, also known as Earth Kasha, has been linked to a series of cyber-attacks targeting Japan. These attacks have been ongoing since 2019 and have prim ... Read more

Published Date: Jan 12, 2025 (3 months ago)
  • TheCyberThrone
CVE-2024-5594 impacts OpenVPN

CVE-2024-5594 is a critical vulnerability identified in OpenVPN versions prior to 2.6.11. This vulnerability stems from improper sanitization of PUSH_REPLY messages, which allows attackers to inject u ... Read more

Published Date: Jan 12, 2025 (3 months ago)
  • TheCyberThrone
CVE-2024-49415 : Samsung Android devices Impacted

CVE-2024-49415 is a critical vulnerability found in Samsung devices running Android versions 12, 13, and 14. This vulnerability was discovered by researchers from Google Project Zero, a team dedicated ... Read more

Published Date: Jan 11, 2025 (3 months ago)
  • TheCyberThrone
CVE-2024-53704 impacts SonicWall

CVE-2024-53704 is a high-severity vulnerability impacting SonicWall’s SSLVPN authentication mechanism. This flaw, with a CVSS score of 8.2, allows remote attackers to bypass authentication and gain un ... Read more

Published Date: Jan 11, 2025 (3 months ago)

The following table lists the changes that have been made to the CVE-2024-53704 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 19, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration AND OR *cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* versions from (including) 7.1.1-7040 up to (including) 7.1.1-7058 *cpe:2.3:o:sonicwall:sonicos:7.1.2-7019:*:*:*:*:*:*:* OR cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:sonicwall:sonicos:8.0.0-8035:*:*:*:*:*:*:* OR cpe:2.3:h:sonicwall:tz80:-:*:*:*:*:*:*:*
    Changed Reference Type https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 No Types Assigned https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Feb. 19, 2025

    Action Type Old Value New Value
    Added Date Added 2025-02-18
    Added Due Date 2025-03-11
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 18, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 18, 2025

    Action Type Old Value New Value
    Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 18, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
    Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jan. 09, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • New CVE Received by [email protected]

    Jan. 09, 2025

    Action Type Old Value New Value
    Added Description An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
    Added CWE CWE-287
    Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-53704 is associated with the following CWEs:

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability