CVE-2024-22394
published 2024-02-08CVE-2024-22394: An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.75%
50.2th percentile
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.
This issue affects only firmware version SonicOS 7.1.1-7040.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is specific to SonicWall SonicOS SSL-VPN feature; monitor for unauthenticated or anomalous access attempts against SSL-VPN endpoints on affected firmware ↗
- →Scope detection to devices running exactly SonicOS firmware version 7.1.1-7040, as only this version is confirmed affected ↗
- ·Exploitation requires 'specific conditions' to trigger the authentication bypass; the exact preconditions are not publicly disclosed in available sources, limiting precise detection rule tuning ↗
- ·Only SonicOS firmware version 7.1.1-7040 is affected; other SonicOS versions are not in scope for this CVE ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
SonicWall
CVE-2024-22394: An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote a
vendor_sonicwall·2024-02-08·CVSS 9.8
CVE-2024-22394 [CRITICAL] CWE-287 CVE-2024-22394: An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote a
CVE-2024-22394: An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.
This issue affects only firmware version SonicOS 7.1.1-7040.
GHSA
GHSA-533p-5wv5-6gqg: An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote a
ghsa_unreviewed·2024-02-08
CVE-2024-22394 [CRITICAL] CWE-287 GHSA-533p-5wv5-6gqg: An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote a
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.
This issue affects only firmware version SonicOS 7.1.1-7040.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-08
Published