SonicOS SSL-VPN Improper authentication

First Published:02/06/2024 Last Updated:02/08/2024

  • CVE IDs - CVE-2024-22394
  • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • Affected Products: SonicWall Gen7 firewalls running SonicOS 7.1.1-7040 Image

Description of vulnerability:

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication (SNWLID-2024-0003).

This issue affects only Gen7 SonicWall firewall running OS/firmware version SonicOS 7.1.1-7040. 

IMPORTANT: This vulnerability has no impact on any other products or SonicOS versions other than the one mentioned in this article. Additionally, SonicWall is not aware of active exploitation in the wild. There have not been any reports of malicious use of this vulnerability reported to SonicWall.

Product Impact

Please review the table below to see if your firewall appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.

Impacted Platforms

Impacted Version

Gen7 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W,
TZ570P, TZ670, NSa2700, NSa3700, NSa4700, NSa5700, NSa 6700, NSsp10700, NSsp11700, NSsp13700, NSv 270, NSv 470, NSv 870

7.1.1-7040

Remediation 

The vulnerability has been patched, users of older versions of SonicWall firmware should upgrade to below mentioned latest version immediately. 

Impacted Platforms

Fixed Version

Gen7-TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W,
TZ570P, TZ670, NSa2700, NSa3700, NSa4700, NSa5700, NSa 6700, NSsp10700, NSsp11700, NSsp13700, NSv 270, NSv 470, NSv 870

7.1.1-7047 (R5557) and higher versions

TIP: For assistance with firmware auto upgrade please follow:Firmware Auto Update Feature in Firmware 7.1.1

When we were first notified of it: First noticed by researcher and PSIRT received the report on 5th Feb 2024.

Has it been exploited in the wild: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public, and malicious use of this vulnerability have not been reported to SonicWall. 

Related information