CVE-2024-22394

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 8, 2024

Updated: Feb 14, 2024

CWE ID 287

Summary

CVE-2024-22394 is a new vulnerability affecting SonicWall's SSL-VPN feature in SonicOS firmware version 7.1.1-7040. This issue involves an improper authentication process that could potentially be exploited by remote attackers to bypass authentication under specific conditions. The potential impact of this vulnerability is significant, as a successful attack could grant unauthorized access to the SSL-VPN. Organizations using SonicOS 7.1.1-7040 are strongly advised to update their systems as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Sonicwall SonicOS

Affected Vendors

SonicWall Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uF-9bh
https://www.cve.org/CVERecord?id=CVE-2024-22394
https://nvd.nist.gov/vuln/detail/CVE-2024-22394

Back to Vulnerability Database