CVERadar

CVE-2024-53704

Critical Severity
Sonicwall
SVRS: 89/100
CVSSv3: 9.8/10
EPSS: 0.93609/1

CVE-2024-53704 is a critical vulnerability that allows attackers to bypass SSLVPN authentication. This Improper Authentication flaw enables unauthorized remote access, posing a significant risk to network security. With a SOCRadar Vulnerability Risk Score (SVRS) of 89, this vulnerability is deemed critical, requiring immediate attention and remediation. The high SVRS reflects the presence of active exploits, vendor advisories, its inclusion in the CISA KEV catalog, and public exploit availability, increasing the likelihood of exploitation. Attackers could gain full access to systems and data behind the VPN without valid credentials. The severity is further highlighted by its high CVSS score of 9.8, making it a top priority for security teams.

In The Wild, Vendor-advisory, CISA KEV, Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-01-09

2025-02-19
SOCRadar
AI Insight

Description

Unfortunately, the provided CVE data is incomplete and lacks crucial information, including the CVSS score, description, modification date, publication date, and SVRS score. Without this data, it's impossible to provide a comprehensive analysis of the vulnerability, its severity, and associated threats.

Key Insights

Due to the lack of information, we cannot provide key insights regarding the vulnerability's nature, potential impact, or its exploitation status.

Mitigation Strategies

Without a description and understanding of the vulnerability, we cannot recommend specific mitigation strategies.

Additional Information

Since we lack the necessary information about CVE-2024-53704, we cannot provide details about threat actors, exploit status, CISA warnings, or its presence in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | https://www.cisa.gov/search?g=CVE-2024-53704 | 2025-02-18

News

Sonicwall Issues Warning Over Security Flaws in Netextender Windows Client - chapelallertontoday.co.uk
2025-04-11
Sonicwall has issued a security advisory concerning multiple vulnerabilities discovered in its Netextender VPN client for Windows. The flaws could allow attackers to escalate their privileges and compromise system integrity. According to the statement from Sonicwall developers, the vulnerabilities specifically affect the SSL-VPN software Netextender, with the Windows client being the primary concern. Both the 32-bit and 64-bit versions are impacted. The most critical vulnerability stems from inadequate permission management, which allows users with low-level privileges to alter configurations (CVE-2025-23008). This
google.com
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access
Guru Baran, 2025-04-03
Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability tracked as CVE-2024-53704, with a critical CVSS score of 9.8, allows remote attackers to hijack active SSL VPN sessions without requiring authentication. Security researchers at Bishop Fox have thoroughly documented how the flaw in SonicWall’s SonicOS […] The post SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access appeared
cybersecuritynews.com
SonicWall Firewall Vulnerability Enables Unauthorized Access
Divya, 2025-04-03
Researchers from Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass vulnerability that affects SonicWall firewalls. This critical flaw allows remote attackers to hijack active SSL VPN sessions, enabling unauthorized network access without requiring user credentials. If left unpatched, the vulnerability poses significant risks to organizations relying on SonicWall devices for their network security. CVE-2024-53704: The […] The post SonicWall Firewall Vulnerability Enables Unauthorized Access appeared first on
gbhackers.com
Focus Friday: Third-Party Risks In PostgreSQL and Zimbra Vulnerabilities
Ferdi Gül, 2025-04-01
Written by: Ferdi Gül This week’s Focus Friday blog highlights two critical vulnerabilities impacting enterprise systems: CVE-2025-1094 in PostgreSQL and CVE-2023-34192 in Zimbra Collaboration Suite (ZCS). These vulnerabilities pose significant risks to third-party ecosystems, potentially leading to SQL injection attacks in PostgreSQL and Cross-Site Scripting (XSS) exploits in Zimbra. As organizations continue to rely on […] The post Focus Friday: Third-Party Risks In PostgreSQL and Zimbra
normshield.com
Daily Summary - 17.02.2025
CERT.at, 2025-04-01
End-of-Day report Timeframe: Friday 14-02-2025 18:00 - Monday 17-02-2025 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer News SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code. The vulnerability, tracked as CVE-2024-53704, is a flaw in the SSL VPN authentication
cert.at
CVE-2024-53704 | SonicWALL SonicOS SSL VPN improper authentication (SNWLID-2025-0003 / Nessus ID 232198)
vuldb.com, 2025-03-07
A vulnerability was found in SonicWALL SonicOS and classified as critical. This issue affects some unknown processing of the component SSL VPN. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-53704. The attack may be initiated remotely. Furthermore, there is an exploit available
vuldb.com
13th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 13th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The International Civil Aviation Organization (ICAO), that is part of the UN, confirmed a compromise of its recruitment database that exposed 42,000 recruitment applications. The data contains records from April 2016 to […] The post 13th January – Threat Intelligence Report appeared first on Check Point Research
cve-2025-0242
cve-2025-0244
cve-2024-53704
cve-2025-0282

Social Media

🚨 SonicWall CVE-2024-53704 is now actively exploitable. 🔒 Update firmware or disable/limit SSL VPN ASAP. 👉 Read article for full detail: https://t.co/R7Re4vwsM1 #CyberSecurity #SonicWall #CVE202453704 #PatchNow https://t.co/EMYn53fu8y
🚨 SonicWall Firewall Vulnerability Alert 🚨 CVE-2024-53704 allows attackers to hijack SSL VPN sessions and access private networks. 🔓 🔧 Fix: Patch ASAP with SonicOS 7.1.3-7015+ or 8.0.0-8037+ https://t.co/69VQA0zfeo ⚠️ Act fast – Over 11,000 vulnerable devices detected! https://t.co/csXNKZ2nru
⚠️ Vulnerability Alert: SonicWall Firewall Authentication Bypass Vulnerability 📅 Timeline: Disclosure: 2025-01-09, Patch: TBD 📌 Attribution: SonicWall 🆔cveId: CVE-2024-53704 📊baseScore: 9.8 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SonicWall-CVE-2024-53704: Exploit Details https://t.co/M3BHSlo6UK
A critical SonicWall vulnerability (CVE-2024-53704) puts your network at risk by allowing unauthorized access without login! Check out this blog post to learn how to protect your network. https://t.co/JLxAh1AtjL #ctstechnologysolutions #cybersecurity #sonicwall #sonicOS
SonicWall has released security updates addressing a critical vulnerability (CVE-2024-53704) affecting their SonicOS software. Users and administrators of affected products are advised to update to the latest versions immediately. Read the alert here: https://t.co/41Qcn1u5gY https://t.co/93MYbbQaSJ
SonicWall CVE-2024-53704 : SSL VPN Session Hijacking : https://t.co/K2mxcMTTZq
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-53704 #SonicWall #SonicOS SSLVPN Improper Authentication Vulnerability https://t.co/2h2DgsKDFU
🚨 Two critical vulnerabilities in Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN are actively exploited, now added to CISA's KEV catalog. CVE-2025-0108 allows unauthenticated attackers to bypass PAN-OS security, while CVE-2024-53704 compromises SSLVPN authentication.
🚨 CISA just added 2 critical flaws to their exploited list: Palo Alto's PAN-OS (CVE-2025-0108) & SonicWall's SSLVPN (CVE-2024-53704). Patch ASAP! US, Germany, Netherlands are top attack sources. Stay safe, folks! #Cybersecurity #Vulnerability #PatchNow #AI

Affected Software

Configuration 1
Type | Vendor | Product
OS | Sonicwall | sonicos

References

Reference | Link
[email protected] | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

CWE Details

CWE ID | CWE Name | Description
CWE-287 | Improper Authentication | When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
