CVE-2024-53704

Name of the Vulnerable Software and Affected Versions SonicWall versions prior to 7.1.3-7015 SonicWall versions prior to 8.0.0-8037 SonicOS versions 7.1.x (up to 7.1.1-7058) SonicOS versions 7.0.1 and earlier

Description An improper authentication issue exists in the SSL VPN authentication mechanism of SonicOS. This allows a remote attacker to bypass authentication and potentially hijack active SSL VPN sessions, even with multi-factor authentication enabled. Exploitation of this issue, tracked as CVE-2024-53704, is actively occurring in the wild. Attackers are leveraging this vulnerability to gain unauthorized access to networks, potentially leading to data breaches and ransomware deployment. Approximately 4,500 to 15,900 internet-facing SonicWall SSL VPN servers were initially identified as vulnerable, with over 5,000 remaining unpatched as of recent reports. The Sinobi ransomware group has been observed exploiting this vulnerability, along with other threat actors. The vulnerability stems from an insecure base64 decoding flaw in SSL VPN session cookies.

Recommendations Update SonicOS to version 7.1.3-7015 or later. Update SonicOS to version 8.0.0-8037 or later. If updating is not immediately possible, disable SSL VPN functionality.