Skip to main content
close search
site logo
Dive Brief

More than 400 SonicWall firewall instances remain vulnerable to attack

Researchers previously warned of exploitation attempts after the release of a proof of concept.

Published Feb. 25, 2025
David Jones's headshot
Reporter
Programming scripts on laptop monitor, unauthorized remote hacking of server
Motortion via Getty Images

Dive Brief:

  • More than 5,000 instances of an authentication bypass flaw in SonicWall firewalls are exposed to the internet and 460 were listed as vulnerable to exploitation, according to a report released Friday by Censys. The number of vulnerable instances was down to 445 as of Tuesday, researchers said.
  • The vulnerability, listed as CVE-2024-53704, is an improper authentication vulnerability in the SSL VPN mechanism that can allow a remote attacker to bypass authentication. 
  • Security researchers earlier this month warned of active exploitation attempts against CVE-2024-53704,  and the Cybersecurity and Infrastructure Security Agency added the flaw to its known exploited vulnerabilities catalog.  

Dive Insight:

SonicWall issued an advisory and patched the vulnerability in January. However, researchers from Bishop Fox released a proof of concept earlier this month, and Arctic Wolf subsequently reported attempts to exploit the vulnerability. 

SonicWall previously warned the proof of concept significantly increases the risk of exploitation and urged customers to immediately patch.  If upgrading firmware is not possible, the company said disabling the SSL VPN was another option. 

The flaw was linked to the improper handling of base64-encoded session cookies. The getSslvpnSessionFromCookie function fails to properly verify session cookies, according to Bishop Fox and Censys.

The vulnerability affects SonicWall TZ, NSa, NSsp series firewalls and NSv series virtual firewalls, according to Censys.

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
DISA Data Breach Investigation
From Migliaccio & Rathod LLP
February 25, 2025
Whalebone Strengthens APAC Cybersecurity with New Major Telco Partners
From Whalebone
February 11, 2025
Whalebone Secures €13.35M in Funding to Accelerate Global Growth and Innovation
From Whalebone
February 18, 2025
Cobalt Iron Compass® Named a DCIG TOP 5 Enterprise VMware Backup Solution for 2025-26
From Cobalt Iron
February 05, 2025
Editors' picks
Latest in Vulnerability
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.