CVE-2024-53704
In short
A flaw in the SSL VPN login process allows attackers to skip authentication checks and gain unauthorized access to the VPN. This is critical because it lets intruders enter the system without a valid password or credentials.
Technical detail
An improper authentication vulnerability (CWE-287) in the SSLVPN mechanism permits remote attackers to bypass authentication controls without valid credentials. The attack vector is network-based with no authentication required, resulting in unauthorized access to protected resources and potential lateral movement within the network.
Summary generated and translated by AI from the official description.
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Affected products
SonicWall · SonicOS
Public PoCs found — 3
github.com/istagmbh/CVE-2024-53704 (★ 2)
github.com/sfewer-r7/SonicSessionLeak (★ 0)
github.com/anir0y/sonicwall-audit-toolkit (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.