CVE-2024-53705
Published: 09 January 2025
Summary
CVE-2024-53705 is a high-severity SSRF (CWE-918) vulnerability in Sonicwall (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-53705 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, in the SonicOS SSH management interface. It affects SonicWall firewalls running SonicOS, enabling a remote attacker to establish a TCP connection to any IP address on any port when a user is logged in to the firewall's management interface. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high integrity impact with no requirements for privileges or user interaction.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity once a legitimate user is authenticated to the SSH management interface. Successful exploitation allows the attacker to forge server-side requests, forging TCP connections to internal or external hosts and ports, potentially enabling network scanning, bypassing firewall rules, or accessing services not directly exposed.
SonicWall has published a detailed advisory on the vulnerability at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003, which security practitioners should consult for patch availability and mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52038
Vulnerability details
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing management interface directly enables T1190; arbitrary TCP connections facilitate internal network service discovery (T1046).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the SSRF flaw in the SonicOS SSH management interface by ensuring timely identification, testing, and deployment of vendor patches as noted in the SonicWall advisory.
Validates inputs such as IP addresses and ports in the SSH management interface to prevent server-side request forgery to arbitrary destinations.
Enforces information flow control policies on the firewall to block unauthorized outbound TCP connections initiated via SSRF exploitation.