SonicWall SonicOS SSL VPN firewalls have a critical (CVSS 9.8) Improper Authentication vulnerability [CVE-2024-53704] that allows attackers to bypass authentication and gain unauthorized network access.
On February 18, 2025, CISA added CVE-2024-53704 to its Known Exploited Vulnerabilities Catalog. SonicWall released patches for this vulnerability in January 2025.
SonicWall's SSL VPN features provide secure remote access to a network using the NetExtender client. NetExtender is an SSL VPN client for Windows or Linux users that is downloaded transparently. It allows you to run any application securely on the network and uses the Point-to-Point Protocol (PPP).
What To Do
Immediately patch SonicWall SonicOS SSLVPN firewalls. The latest patch builds are available for download at mysonicwall.com.
If it is not possible to patch, disable SSLVPN immediately.