Exposures › CVE-2024-53704
CVE-2024-53704
SonicWall SonicOS SSLVPN bypassed authentication allowing remote attackers to bypass login.
A remote attacker could bypass authentication on SonicWall SonicOS SSLVPN, enabling unauthorized access to networks. DIB orgs must ensure SSLVPN configurations are patched and monitored, as this flaw directly undermines access controls and could lead to data exfiltration or ransomware deployment.
Shame score — An authentication bypass in a widely deployed firewall/VPN product is highly avoidable and directly enables lateral movement and data theft.
Players implicated
Description
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
Affected FedRAMP products 0 in the catalog
No correlated FedRAMP products.