CVE-2024-22394

9.8 CRITICAL

📋 TL;DR

An improper authentication vulnerability in SonicWall SonicOS SSL-VPN allows remote attackers to bypass authentication under specific conditions. This affects organizations using SonicWall firewalls with SSL-VPN enabled on firmware version 7.1.1-7040, potentially exposing internal networks to unauthorized access.

💻 Affected Systems

Products:
  • SonicWall firewalls with SonicOS
Versions: SonicOS 7.1.1-7040 only
Operating Systems: SonicOS firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SSL-VPN feature enabled. Other SonicOS versions are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete network compromise with attacker gaining administrative access to internal systems through the VPN gateway.

🟠 Likely Case: Unauthorized access to internal network resources and potential data exfiltration.

🟢 If Mitigated: Limited impact if strong network segmentation and additional authentication layers are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The CVSS score of 9.8 indicates critical severity with low attack complexity. No public exploit details are available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SonicOS 7.1.1-7040 with hotfix or later version

Vendor Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003

Restart Required: Yes

Instructions:

1. Log into the SonicWall management interface.
2. Navigate to System > Firmware & Backups.
3. Download and install the latest firmware from the SonicWall support portal.
4. Reboot the firewall after installation.

🔧 Temporary Workarounds

  • Disable SSL-VPN (all): Temporarily disable the SSL-VPN feature until patching can be completed.
  • Restrict VPN Access (all): Limit VPN access to specific IP ranges using firewall rules.

🧯 If You Can't Patch

  • Implement network segmentation to isolate VPN traffic
  • Enable multi-factor authentication for VPN access

🔍 How to Verify

Check if Vulnerable:

Check firmware version in SonicWall management interface under System > Status

Check Version:

show version (in SonicWall CLI) or check System > Status in web interface

Verify Fix Applied:

Verify firmware version is updated beyond 7.1.1-7040 and test VPN authentication

📡 Detection & Monitoring

Log Indicators:

  • Unusual VPN authentication patterns
  • Failed authentication attempts followed by successful access
  • VPN connections from unexpected locations

Network Indicators:

  • VPN traffic spikes
  • Unauthorized internal network access from VPN IPs

SIEM Query:

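source="sonicwall" AND (event_type="vpn_auth" AND result="success") | stats count by src_ip | where count > threshold

Replace threshold with a numeric baseline for your environment; the field names depend on how your SIEM parses SonicWall logs.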
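
The "failed authentication attempts followed by successful access" indicator and the per-source success count from the SIEM query above, implemented as an added example (not SonicWall's or this page's code). The key="value" log layout, the time and user fields, and the threshold defaults are assumptions; the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. event_type, result and src_ip follow the SIEM
# query above; the key="value" layout and the time/user fields are assumptions.
SAMPLE_LOG = """\
time="2024-02-01 09:00:00" event_type="vpn_auth" result="failure" src_ip="198.51.100.20" user="bob"
time="2024-02-01 09:30:00" event_type="vpn_auth" result="success" src_ip="198.51.100.20" user="bob"
time="2024-02-01 10:00:01" event_type="vpn_auth" result="failure" src_ip="203.0.113.7" user="alice"
time="2024-02-01 10:00:20" event_type="vpn_auth" result="failure" src_ip="203.0.113.7" user="alice"
time="2024-02-01 10:00:45" event_type="vpn_auth" result="failure" src_ip="203.0.113.7" user="alice"
time="2024-02-01 10:01:10" event_type="vpn_auth" result="success" src_ip="203.0.113.7" user="alice"
time="2024-02-01 10:30:00" event_type="admin_login" result="success" src_ip="192.0.2.50" user="ops"
time="2024-02-01 11:00:00" event_type="vpn_auth" result="success" src_ip="192.0.2.50" user="carol"
time="2024-02-01 11:05:00" event_type="vpn_auth" result="success" src_ip="192.0.2.50" user="dave"
time="2024-02-01 11:10:00" event_type="vpn_auth" result="success" src_ip="192.0.2.50" user="erin"
time="2024-02-01 11:15:00" event_type="vpn_auth" result="success" src_ip="192.0.2.50" user="frank"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Return the line's key="value" pairs as a dict, or None if it is not a usable vpn_auth event."""
    ev = dict(FIELD_RE.findall(line))
    if ev.get("event_type") != "vpn_auth" or not ev.keys() >= {"time", "result", "src_ip"}:
        return None
    ev["time"] = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
    return ev

def detect(lines, min_failures=3, window=timedelta(minutes=5), success_threshold=3):
    """Return (hits, noisy): hits lists (src_ip, time, failures) for a success preceded by
    >= min_failures failures inside window; noisy maps src_ip to a success count > threshold."""
    failures = defaultdict(deque)            # src_ip -> timestamps of recent failures
    successes, hits = defaultdict(int), []
    for ev in sorted(filter(None, map(parse, lines)), key=lambda e: e["time"]):
        ip, recent = ev["src_ip"], failures[ev["src_ip"]]
        while recent and ev["time"] - recent[0] > window:
            recent.popleft()                 # expire failures older than the window
        if ev["result"] == "failure":
            recent.append(ev["time"])
        elif ev["result"] == "success":
            successes[ip] += 1
            if len(recent) >= min_failures:
                hits.append((ip, ev["time"], len(recent)))
            recent.clear()                   # a success resets the failure streak
    noisy = {ip: n for ip, n in successes.items() if n > success_threshold}
    return hits, noisy
```

Calling `detect(SAMPLE_LOG.splitlines())` flags 203.0.113.7 for three failures followed by a success, and 192.0.2.50 for exceeding the success threshold.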
