Description

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

PUBLISHED Reserved 2024-11-22 | Published 2025-01-09 | Updated 2025-01-09 | Assigner sonicwall

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status
unknown

6.5.4.15-117n and older versions
affected

7.0.1-5161 and older versions
affected

7.1.1-7058 and older versions
affected

7.1.2-7019
affected

8.0.0-8035
affected

Credits

Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative) reporter

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 vendor-advisory

cve.org (CVE-2024-53705)

nvd.nist.gov (CVE-2024-53705)
