SonicWall Improper Authentication Vulnerability [CVE-2024-53704]

Jessica

SonicWall SonicOS SSL VPN firewalls have a critical (CVSS 9.8) Improper Authentication vulnerability [CVE-2024-53704] that allows attackers to bypass authentication and gain unauthorized network access. On February 18, 2025, CISA added CVE-2024-53704 to its Known Exploited Vulnerabilities Catalog. SonicWall released patches for this vulnerability in January 2025.

SonicWall's SSL VPN features provide secure remote access to a network using the NetExtender client. NetExtender is an SSL VPN client for Windows or Linux users that is downloaded transparently. It allows you to run any application securely on the network and uses Point-to-Point Protocol (PPP).

What To Do

Immediately patch SonicWall SonicOS SSLVPN firewalls. The latest patch builds are available for download at mysonicwall.com. If it is not possible to patch, disable SSLVPN immediately.

Resources

SonicWall Security Advisory
NVD - CVE-2024-53704

February 26, 2025: Published.