CVE-2024-53704: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

9.8 CVSS

Description

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

🚨 Marked as known exploited on February 18th, 2025 (2 months ago).

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor: SonicWall

Product: SonicOS

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-07 (when was this score calculated)

2025-01-10 00:30:57 UTC
CVE

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
2025-02-11 16:45:21 UTC
BleepingComputer

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
2025-02-18 18:45:11 UTC
CISA KEV

SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
2025-02-18 18:46:41 UTC
🚨 Marked as Known Exploited