CVE-2024-53704

Arctic Wolf reports on CVE-2024-53704, a high-severity authentication-bypass flaw in SonicWall SonicOS SSLVPN for affected firewall models; a public PoC was released and exploitation attempts were observed shortly thereafter. The PoC enables unauthenticated actors to bypass MFA, disclose sensitive information, and interrupt VPN sessions. Arctic Wolf highlights prior Akira ransomware activity leveraging SonicWall SSL VPN access as initial access and strongly recommends upgrading to the listed fixed SonicOS firmware versions and/or restricting SSLVPN access as a mitigation.