SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
SonicWall — SonicOS
- Added to KEV catalog
- 18 February 2025
- Federal remediation due date
- 11 March 2025
- Weakness classification (CWE)
- CWE-287
CISA Description
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53704
More SonicWall Vulnerabilities
SonicWall SMA1000 Missing Authorization Vulnerability
SonicWall SMA100 Appliances OS Command Injection Vulnerability
SonicWall SMA100 Appliances OS Command Injection Vulnerability
SonicWall SMA1000 Appliances Deserialization Vulnerability
SonicWall SonicOS Improper Access Control Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services