Back to KEVs

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Basic Information

CVE State: PUBLISHED
Reserved Date: November 22, 2024
Published Date: January 09, 2025
Last Updated: February 19, 2025
Vendor: SonicWall
Product: SonicOS
Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2025-02-18 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2025-02-11 20:43:23 UTC) Source

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-02-18 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-53704.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

istagmbh/CVE-2024-53704

Type: github • Created: 2025-02-11 20:43:23 UTC • Stars: 2

demonstriert, wie mittels missbräuchlicher Nutzung eines Swap-Cookies eine VPN-Session übernommen werden kann. Wichtig: Dieses Projekt dient ausschliesslich zu Bildungs- und Forschungszwecken – bitte nur in Umgebungen verwenden, in denen Du explizit authorisiert bist.