SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

  • February 11, 2025

Jasper_The_Rasper
Moderator

February 11, 2025 By Bill Toulas

Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application.

The vendor warned about the high exploitation possibility of the flaw in a bulletin on January 7, urging administrators to upgrade their SonicOS firewalls' firmware to address the problem.

"We have identified a firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled, and that should be mitigated immediately by upgrading to the latest firmware," warned SonicWall in an email sent to customers at the time.

The flaw allows a remote attacker to hijack active SSL VPN sessions without authentication, granting them unauthorized access to the victim's network.