CVE-2024-53705
SonicWall has disclosed several vulnerabilities in SonicOS, which may expose systems to remote exploitation or privilege escalation: CVE-2024-40762: A cryptographically weak pseudo-random number generator (PRNG) used in SSLVPN authentication could allow attackers to predict tokens and bypass authentication under certain circumstances. CVE-2024-53704: An improper authentication flaw in the SSLVPN mechanism enables remote attackers to bypass authentication entirely. CVE-2024-53705: A server-side request forgery (SSRF) issue in the SSH management interface allows attackers to create TCP connections to arbitrary IP addresses and ports if a user is logged into the firewall. CVE-2024-53706: In Gen7 SonicOS Cloud NSv (AWS/Azure editions), a local privilege escalation vulnerability allows authenticated low-privileged users to gain root access, potentially leading to code execution.
EPSS 0.15% · 34.8th percentile
Risk Scores
Timeline
- Jan 7, 2025 CVE Published
- Jan 10, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 10, 2025 EPSS Score
- Feb 16, 2025 CVE Updated
- Feb 26, 2025 EPSS Score
- Mar 14, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 30, 2025 EPSS Score
- May 15, 2025 EPSS Score
- May 16, 2025 Coalition ESS Score
References
- https://ccb.belgium.be/advisories/warning-multiple-vulnerabilities-sonicwall-patch-immediately advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 vendor
- https://securityonline.info/sonicwall-issues-important-security-advisory-for-multiple-vulnerabilities-in-sonicos/ technical
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog advisory