Exposures › CVE-2024-53704

CVE-2024-53704

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-02-18
Reference
⌖ exploited in the wild shame 78/100 ransomwareexploited-in-wildunpatchedauth-bypass

SonicWall SonicOS SSLVPN bypassed authentication allowing remote attackers to bypass login.

A remote attacker could bypass authentication on SonicWall SonicOS SSLVPN, enabling unauthorized access to networks. DIB orgs must ensure SSLVPN configurations are patched and monitored, as this flaw directly undermines access controls and could lead to data exfiltration or ransomware deployment.

Shame score — An authentication bypass in a widely deployed firewall/VPN product is highly avoidable and directly enables lateral movement and data theft.

Players implicated

Description

SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.