Server-Side Request Forgery in SonicWall SonicOS SSH Management Interface
CVE-2024-53705
Currently unrated
Summary
A Server-Side Request Forgery (SSRF) vulnerability in the SonicOS SSH management interface can be exploited by remote attackers. While a user is logged into the firewall, the flaw lets an attacker create a TCP connection to any IP address on any port, potentially leading to unauthorized access and further compromise of the network.
Affected Version(s)
SonicOS Gen7 Hardware 6.5.4.15-117n and older versions
SonicOS Gen7 Hardware 7.0.1-5161 and older versions
SonicOS Gen7 Hardware 7.1.1-7058 and older versions
Credit
Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)