🔴 CVE-2024-53704

Authentication bypass vulnerability in SonicWall firewall SSL VPN authentication mechanism allows remote attackers to bypass authentication without credentials. This affects the SSL VPN service which is specifically designed for internet exposure to provide remote access.

Risk Level: HIGH_RISK

CVSS Score: 8.2

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1133 — External Remote Services

Deployment Risk: VERY_HIGH

Ransomware: Yes (+471d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-09

Added to CISA KEV: 2025-02-18 (40 days between CVE and KEV)

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-53704 is a high-severity authentication bypass vulnerability affecting the SSL VPN component of SonicWall SonicOS [3] [7].

Exploitation and Threat Actor Activity
  • Active Exploitation: While SonicWall initially reported no evidence of exploitation in the wild, this changed shortly after technical details and proof-of-concept (PoC) code were publicly disclosed by researchers at Bishop Fox in February 2025 [1] [2]. Following the release of the PoC, security firms observed active exploitation attempts in the wild [3].
  • CISA Status: The vulnerability has been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog [6].

Attack Method and Requirements
  • Method: The vulnerability allows for SSL VPN session hijacking [1]. An attacker can bypass authentication by using a specially crafted cookie to hijack an active, legitimate SSL VPN session [2] [5].
  • Requirements: It is a remote, unauthenticated attack, and no user interaction is required from the victim [5]. While the initial discovery required significant reverse-engineering, the resulting exploit is considered trivial to execute [1].

Impact of Successful Exploitation
An attacker who successfully hijacks an active SSL VPN session can perform several unauthorized actions, including:
  • Reading the user’s Virtual Office bookmarks.
  • Obtaining a client configuration profile for NetExtender.
  • Opening a VPN tunnel to access private networks available to the hijacked account.
  • Terminating the legitimate user’s connection by logging out the session [5].

Patch and Mitigation Status
  • Patch Status: SonicWall released security updates to address this vulnerability on January 7, 2025 [2] [5].
  • Mitigation: Organizations using affected SonicWall devices are urged to apply the available patches immediately, as the ease of exploitation and the severity of the impact make it a highly attractive target for threat actors [4].

Sources

  1. SonicWall CVE-2024-53704: SSL VPN Session Hijacking | Bishop Fox

    Security researchers have exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls. Watch demo! In the ini…

  2. CVE-2024-53704: SonicWall Session Hijack · GOTT Labs

    On January 7, 2025, SonicWall released patches for CVE-2024-53704, an authentication bypass vulnerability in their SSL VPN implementation that lets attackers hijack active VPN sessions with nothing more than a crafted cookie. The vendor initially reported no exploitation in the wild. That changed fa…

  3. Bishop Fox | SonicWall-CVE2024-53704: Exploit Details

    Severe Impact with Simple Execution: CVE-2024-53704 allows attackers to completely bypass authentication and hijack any active SSL VPN session on unpatched SonicWall firewalls. Urgent Remediation Required: Organizations using SonicWall devices should immediately apply available patches, as the ease o…

  4. CVE-2024-53704 | Arctic Wolf

    A high-severity authentication bypass vulnerability caused by a flaw in the SSLVPN authentication mechanism in SonicOS, the operating system used by SonicWall ... Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass…

  5. SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024 ...

    On 07/01/2025 SonicWall issued security updates addressing multiple vulnerabilities in their NGFW products including CVE-2024-53704, ... Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to bypass authentication and hijack a legitimate SSL VPN session. Research…

  6. CVE-2024-53704 Detail - NVD

    An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

  7. CVE-2024-53704: SonicWall SonicOS Auth Bypass Vulnerability

    CVE-2024-53704 is an authentication bypass vulnerability in SonicWall SonicOS SSLVPN that allows remote attackers to bypass authentication mechanisms. This article covers the technical details, affected versions, and mitigation. Critical Impact. This vulnerability permits unauthorized access, potenti…