CVE-2024-53704

CISA Known Exploited Vulnerability (KEV)

Name

SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

Exploit added

February 18, 2025

Action due

March 11, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CWE-ID	CWE Name
CWE-287	Improper Authentication

Source:
NVD

Published:
January 9, 2025

Updated:
February 19, 2025

Base score:
8.2

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Not defined