Advisory 80: SonicWALL Vulnerability – CVE-2024-53704
Release Date: 18th of February 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that utilize the above products. This alert is intended to be understood by technical users.
What is it?
SonicWALL SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
What are the Systems affected?
Vendor: SonicWALL
Product: SonicOS
Platforms: Gen7 Hardware, Gen7 NSv, TZ80
Versions affected:
- 7.1.1-7058 and older versions
- 7.1.2-7019
- 8.0.0-8035
What does this mean?
An improper authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication and gain unauthorized access.
Mitigation process
CERTVU encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds.
See the SonicWALL advisory (reference 3 below) for fixed versions and workarounds.
References
1. https://www.cve.org/CVERecord?id=CVE-2024-53704
2. https://cwe.mitre.org/data/definitions/287
3. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003