CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos:7.1.2-7019:::::::*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_15700:-:::::::*
	cpe:2.3:h:sonicwall:nsv_270:-:::::::*
	cpe:2.3:h:sonicwall:nsv_470:-:::::::*
	cpe:2.3:h:sonicwall:nsv_870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:sonicos:8.0.0-8035:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:tz80:-:*:*:*:*:*:*:*

History

19 Feb 2025, 15:33

Type	Values Removed	Values Added
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 -~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Sonicwall tz570p Sonicwall nssp 13700 Sonicwall tz270 Sonicwall tz570 Sonicwall nsa 5700 Sonicwall tz570w Sonicwall nsv 870 Sonicwall nssp 15700 Sonicwall tz470 Sonicwall sonicos Sonicwall nsv 470 Sonicwall tz270w Sonicwall nsa 3700 Sonicwall nssp 11700 Sonicwall tz370 Sonicwall Sonicwall nsa 2700 Sonicwall nssp 10700 Sonicwall tz370w Sonicwall nsv 270 Sonicwall tz80 Sonicwall tz470w Sonicwall nsa 4700 Sonicwall tz670 Sonicwall nsa 6700
CPE		cpe:2.3:h:sonicwall:tz80:-:::::::* cpe:2.3:h:sonicwall:nsv_870:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:nsv_270:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:nsv_470:-:::::::* cpe:2.3:o:sonicwall:sonicos:7.1.2-7019:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:o:sonicwall:sonicos:8.0.0-8035:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nssp_15700:-:::::::* cpe:2.3:o:sonicwall:sonicos:::::::: cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::*

09 Jan 2025, 15:15

Type	Values Removed	Values Added
CWE	~~CWE-287~~

09 Jan 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-09 07:15

Updated : 2025-02-19 15:33

NVD link : CVE-2024-53704

Mitre link : CVE-2024-53704

JSON object : View

Products Affected

sonicwall

tz670
tz470w
tz570
nsa_6700
nssp_15700
tz570p
tz270
nsa_4700
nssp_11700
nsv_870
tz370w
nssp_13700
nssp_10700
tz270w
nsv_470
nsa_2700
tz570w
tz470
nsa_5700
nsa_3700
tz80
nsv_270
tz370
sonicos

CWE

No CWE.

9.8 /10