Home

Description

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

PUBLISHED Reserved 2024-11-22 | Published 2025-01-09 | Updated 2025-10-21 | Assigner sonicwall

CISA Known Exploited Vulnerability

Date added 2025-02-18 | Due date 2025-03-11

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-287 Improper Authentication

Product status

Default status
unknown

7.1.1-7058 and older versions
affected

7.1.2-7019
affected

8.0.0-8035
affected

Credits

Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative) reporter

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 vendor-advisory

cve.org (CVE-2024-53704)

nvd.nist.gov (CVE-2024-53704)

Download JSON