A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices.

[CVE-2024-53704](https://cybersecuritynews.com/unpatched-sonicwall-firewalls-vulnerability/), rated 9.3 on the CVSS scale, resides in the SSL VPN authentication mechanism of SonicOS, the operating system powering SonicWall’s Gen 6, Gen 7, and TZ80 firewalls. Attackers can remotely hijack active VPN sessions by sending a crafted session cookie containing a base64-encoded null byte string to the `/cgi-bin/sslvpnclient` endpoint.

Successful exploitation bypasses multi-factor authentication (MFA), exposes private network routes, and allows unauthorized access to internal resources. Compromised sessions also enable threat actors to terminate legitimate user connections.

SonicWall initially disclosed the flaw on January 7, 2025, urging immediate patching. At the time, the vendor reported no evidence of in-the-wild exploitation.

**CVE-2024-53704 Exploited in Wild**

However, Bishop Fox’s PoC [publication](https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking) on February 10 lowered the barrier to entry for attackers.
By February 12, Arctic Wolf [observed](https://arcticwolf.com/resources/blog/cve-2024-53704/) exploitation attempts originating from fewer than ten distinct IP addresses, primarily hosted on [virtual private servers (VPS)](https://cybersecuritynews.com/top-10-vps-cloud-web-hosting-providers-a-comprehensive-review/). Security analysts attribute the rapid weaponization to the vulnerability’s critical impact and the historical targeting of SonicWall devices by ransomware groups like Akira and Fog.

As of February 7, over 4,500 internet-exposed [SonicWall SSL VPN](https://cybersecuritynews.com/multiple-sonicwall-vpn-vulnerabilities/) servers remained unpatched, according to Bishop Fox. Affected firmware versions include:

* SonicOS 7.1.x (up to 7.1.1-7058)
* SonicOS 7.1.2-7019
* SonicOS 8.0.0-8035

Patched versions, such as SonicOS 8.0.0-8037 and 7.1.3-7015, were released in January 2025.

The exploitation pattern mirrors previous campaigns. In late 2024, [Akira](https://cybersecuritynews.com/large-scale-akira-ransomware/) ransomware affiliates leveraged compromised SonicWall VPN accounts to infiltrate networks, often encrypting data within hours of initial access. Arctic Wolf warns that CVE-2024-53704 could similarly serve as a gateway for ransomware deployment, credential theft, or espionage.

SonicWall and cybersecurity agencies emphasize urgent action:

1. **Upgrade firmware** to fixed versions (e.g., 8.0.0-8037 or 7.1.3-7015).
2. **Disable SSL VPN** on public interfaces if immediate patching isn’t feasible.
3. **Restrict VPN access** to trusted IP ranges and enforce MFA for remaining users.

With active exploitation underway, organizations must prioritize patching to mitigate risks.
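For teams that cannot patch immediately, the request pattern described above (a request to `/cgi-bin/sslvpnclient` carrying a session cookie whose value base64-decodes to nothing but null bytes) is a usable hunting signal in web or reverse-proxy access logs. The following detection script is an added example and not code from the article, Bishop Fox or Arctic Wolf; it assumes a hypothetical log layout in which the request's Cookie header is appended to each line, and the cookie name `sessionid` and all log lines are constructed samples.

```python
import base64
import binascii
import re
from collections import Counter

# Hypothetical log layout (assumption): client IP, two dash fields, timestamp,
# request line, status code, then the request's Cookie header in quotes.
# Real SonicOS or proxy logs differ; adapt LOG_RE to the actual format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<cookies>[^"]*)"$'
)
SSLVPN_ENDPOINT = "/cgi-bin/sslvpnclient"

# Constructed sample lines: one benign SSL VPN request, one carrying a
# base64 string of 16 null bytes, and one null-byte cookie on an unrelated path.
SAMPLE_LOGS = [
    '198.51.100.7 - - [12/Feb/2025:09:13:58 +0000] "GET /cgi-bin/sslvpnclient HTTP/1.1" 200 "sessionid=abc123def456"',
    '203.0.113.10 - - [12/Feb/2025:09:14:02 +0000] "GET /cgi-bin/sslvpnclient HTTP/1.1" 200 "sessionid=AAAAAAAAAAAAAAAAAAAAAA=="',
    '203.0.113.10 - - [12/Feb/2025:09:14:05 +0000] "GET /index.html HTTP/1.1" 200 "sessionid=AAAAAAAAAAAAAAAAAAAAAA=="',
]

def decodes_to_nul_bytes(value: str) -> bool:
    """True if value is strict base64 whose decoded bytes are all NUL (0x00)."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 0 and raw == b"\x00" * len(raw)

def parse_cookies(header: str) -> dict:
    """Split a Cookie header ('a=1; b=2') into a name -> value dict."""
    out = {}
    for part in header.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            out[name] = val
    return out

def find_suspicious_requests(lines):
    """Return (ip, cookie_name) for SSL VPN endpoint requests whose cookie
    value base64-decodes to nothing but null bytes; other paths are ignored."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(SSLVPN_ENDPOINT):
            continue
        for name, val in parse_cookies(m.group("cookies")).items():
            if decodes_to_nul_bytes(val):
                hits.append((m.group("ip"), name))
    return hits

def source_ip_counts(lines):
    """Count flagged requests per source IP, for blocking or triage."""
    return Counter(ip for ip, _ in find_suspicious_requests(lines))
```

Flagged source IPs are candidates for the trusted-range restriction in step 3 above, and any VPN session active at the time of a hit should be reviewed and terminated.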
The convergence of public PoC code, high attack feasibility, and SonicWall’s prominence in enterprise networks underscores the urgency. As Arctic Wolf cautions, delays risk ‘catastrophic network compromise’ given the severity of the vulnerability and the agility of ransomware actors.

The post [SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release](https://cybersecuritynews.com/firewall-authentication-bypass-vulnerability/) appeared first on [Cyber Security News](https://cybersecuritynews.com).