Improper Authentication Vulnerability in SSLVPN by SonicWall
CVE-2024-53704

9.8 CRITICAL

Key Information:

Vendor: SonicWall
Status: Vendor
CVE Published: 9 January 2025

Badges

📈 Score: 1,470 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 96% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2024-53704?

CVE-2024-53704 is a significant improper authentication vulnerability in the SSLVPN authentication mechanism of SonicWall products. The flaw allows remote attackers to bypass authentication controls, potentially compromising the security of affected systems. SonicWall's SSLVPN is widely used for secure remote access to corporate networks, which makes this vulnerability particularly concerning for organizations that rely on it for remote work and secure connections. Exploitation could lead to unauthorized access to sensitive data and resources, posing a serious threat to an organization's operational integrity.

Technical Details

The vulnerability resides in the authentication mechanism of SonicWall's SSLVPN products. Specifically, it allows an attacker to circumvent the standard authentication procedures that are intended to validate user credentials. While exploitation is reported to be currently unobserved in the wild, the nature of the flaw suggests that successful exploitation could give an attacker unauthorized access without proper login credentials. This type of vulnerability emphasizes the importance of robust authentication methods in maintaining system integrity and security.

Potential Impact of CVE-2024-53704

  1. Unauthorized Access: The primary risk of this vulnerability is the potential for attackers to gain unauthorized access to corporate networks, which may lead to the theft or manipulation of sensitive data.

  2. Data Breaches: Exploiting this vulnerability could result in significant data breaches, jeopardizing confidential information and customer data and potentially leading to regulatory penalties.

  3. Network Compromise: Once inside the network, attackers may establish persistence, sowing further chaos by deploying additional malicious software, leading to broader compromise of networked systems.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

SonicOS Gen7 Hardware 7.1.1-7058 and older versions

SonicOS Gen7 Hardware 7.1.2-7019

SonicOS Gen7 Hardware 8.0.0-8035

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

SonicWall, Palo Alto Networks flaws under attack, added to CISA list

The critical SonicOS SSLVPN flaw and high-severity PAN-OS flaw both risk authentication bypass.

2 weeks ago

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release

A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn.

3 weeks ago

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported

  • 💰 Used in Ransomware

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • 📰 First article discovered by Cyber Security News

  • Vulnerability Reserved

Credit

Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative).