CVE-2024-53704

CVE-2024-53704

Vendor Sonicwall
Product SonicOS
Weakness CWE-287 · Improper authentication
KEV Status Known Exploited
Ransomware Used in campaigns
Published January 9, 2025
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

January 9, 2025 CVE published
February 26, 2026 Record updated