SonicWall SonicOS SSL VPN firewalls have a critical (CVSS 9.8) Improper Authentication vulnerability [CVE-2024-53704] that allows attackers to bypass authentication and gain unauthorized network access.
On February 18, 2025, CISA added CVE-2024-53704 to its Known Exploited Vulnerabilities Catalog. SonicWall released patches for this vulnerability in January 2025.
SonicWall's SSL VPN features provide secure remote access to a network using the NetExtender client. NetExtender is an SSL VPN client for Windows or Linux users that is downloaded transparently. It allows you to run any application securely on the network and uses Point-to-Point Protocol (PPP).
See the resource center.
News
- January 7, 2025: SonicWall releases guidance on multiple vulnerabilities, including CVE-2024-53704.
- February 7, 2025: OSINT reports related to the flaw indicate that close to 4,500 internet-facing SonicWall SSL VPN firewalls had not been patched against CVE-2024-53704.