SonicWall CVE-2024-53704: SSL VPN Session Hijacking bishopfox.com/blog/soni…
Bishop Fox researchers have successfully exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls. According to SonicWall, SonicOS versions 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035 are affected. The researchers confirmed that the attack can be performed remotely, without authentication, and enables hijacking of active SSL VPN client sessions.
The vendor advisory for CVE-2024-53704 was published only two weeks ago, and SonicWall reported no evidence of exploitation in the wild. Our current research indicates that more than 5,000 affected SonicWall devices remain accessible on the internet. Although significant reverse-engineering effort was required to find and exploit the vulnerability, the exploit itself is rather trivial. As a result, we will delay publication of exploit details for at least 90 days to allow time for patching.