vulnerability

SonicWall SonicOS: CVE-2024-22394: SonicOS SSL-VPN Improper Authentication

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Feb 7, 2024	May 21, 2026	May 21, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Feb 7, 2024

Added

May 21, 2026

Modified

May 21, 2026

Description

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.

Solution

sonicwall-sonicos-upgrade-711-7047

References

CVE-2024-22394
https://attackerkb.com/topics/CVE-2024-22394
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-19950
CWE-287
EUVD-EUVD-2024-19950

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report