You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SonicWall has identified an Improper Authentication vulnerability in the SSLVPN authentication mechanism. A successful exploit of this vulnerability could allow an attacker to gain unauthorized access, with potential impacts to the confidentiality, integrity, and availability of the networks that were supposed to be protected by the VPN.
On 7 January 2025, SonicWall released patches for multiple vulnerabilities in Gen6 and Gen7 firewalls. The patched vulnerabilities include two vulnerabilities in the SSLVPN functionality that made it possible to take over established SSLVPN sessions, thereby gaining access to the internal network (CVE-2024-53704 and CVE-2024-40762). While SonicWall has not yet observed that these vulnerabilities are being exploited in the wild, they do describe them as at imminent risk of exploitation.
## Recommendations
To remediate {% cve CVE-2024-53704 %}, apply the patch as soon as possible for impacted products, latest patch builds are available for download on [mysonicwall.com](https://mysonicwall.com).
## What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of SonicWall SSL-VPN service and to notify these parties.
