【Vulnerability Alert】Security Flaw in SonicWall SonicOS (CVE-2024-53704) – Immediate Patch Recommended
Publish date: 2025-02-26
Update date: 2025-03-11
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025022511025454 | Publication Time | 2025/02/25 11:26
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/02/25 11:26
Impact Level | Medium

[Subject]
【Vulnerability Alert】Security Flaw in SonicWall SonicOS (CVE-2024-53704) – Immediate Patch Recommended

[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202502-00000128

Security researchers have identified an Improper Authentication vulnerability (CVE-2024-53704) in SonicWall SonicOS, allowing unauthenticated remote attackers to hijack arbitrary SSLVPN connections and infiltrate private internal networks. The exploit method for this vulnerability has been made public, and immediate verification and patching are strongly recommended.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
● Gen7 Firewalls – Versions 7.1.1-7058 and earlier, and 7.1.2-7019
● Gen7 NSv – Versions 7.1.1-7058 and earlier, and 7.1.2-7019
● TZ80 – Version 8.0.0-8035

[Recommended Actions]
The affected products and firmware versions are listed below:
● Gen7 Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 – Versions 7.1.1-7058 and earlier, and 7.1.2-7019
● Gen7 NSv: NSv 270, NSv 470, NSv 870 – Versions 7.1.1-7058 and earlier, and 7.1.2-7019
● TZ80: Version 8.0.0-8035

The vendor has released an official security update. Please refer to the official advisory and apply patches immediately: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

[Reference]
1. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
2. https://nvd.nist.gov/vuln/detail/CVE-2024-53704
3. https://www.zerodayinitiative.com/advisories/ZDI-25-012/
4. https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center