CVE-2024-53704

CRITICAL CISA KEV EPSS 99.9%

Published Jan 9, 20251y ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Jan 9, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Feb 18, 2025 1y ago

KEV Due Mar 11, 2025 475d overdue

Description

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

CISA Known Exploited Overdue 475d

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

99.9% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

CWE-287 Improper Authentication Authentication

Vendor	Product	Version	Range
sonicwall	sonicos	*	≥7.1.1-7040 – ≤7.1.1-7058
sonicwall	sonicos	7.1.2-7019	any
sonicwall	nsa_2700	*	any
sonicwall	nsa_3700	*	any
sonicwall	nsa_4700	*	any
sonicwall	nsa_5700	*	any
sonicwall	nsa_6700	*	any
sonicwall	nssp_10700	*	any
sonicwall	nssp_11700	*	any
sonicwall	nssp_13700	*	any
sonicwall	nssp_15700	*	any
sonicwall	nsv_270	*	any
sonicwall	nsv_470	*	any
sonicwall	nsv_870	*	any
sonicwall	tz270	*	any
sonicwall	tz270w	*	any
sonicwall	tz370	*	any
sonicwall	tz370w	*	any
sonicwall	tz470	*	any
sonicwall	tz470w	*	any
sonicwall	tz570	*	any
sonicwall	tz570p	*	any
sonicwall	tz570w	*	any
sonicwall	tz670	*	any
sonicwall	sonicos	8.0.0-8035	any
sonicwall	tz80	*	any

psirt.global.sonicwall.com https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

Vendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53704

US Government Resource

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.