Cybersecurity researchers have detected active exploitation of a critical vulnerability (CVE-2024-53704) affecting SonicWall firewall devices. The flaw enables threat actors to bypass SSL VPN authentication mechanisms, posing a severe risk to enterprise network security. Administrators running affected SonicOS versions must apply the patch immediately — a public proof-of-concept exploit is already in circulation. Full technical advisories are published at the SonicWall PSIRT portal.
Understanding the Technical Impact
The vulnerability affects multiple versions of SonicOS: all versions prior to 7.1.1-7058, version 7.1.2-7019, and 8.0.0-8035. The flaw impacts Gen 6, Gen 7, and SOHO series SonicWall firewall models. When successfully exploited, attackers can hijack active SSL VPN sessions and gain unauthorized access to corporate networks, effectively bypassing established security controls including multi-factor authentication.
Exploitation Timeline and Active Threat
SonicWall issued an urgent firmware update advisory in early January 2024, but the situation escalated after Bishop Fox researchers published a proof-of-concept exploit on February 10, 2025. Security scans confirmed that over 4,500 vulnerable SonicWall SSL VPN servers remained exposed to the internet at the time of disclosure. Arctic Wolf researchers subsequently confirmed active scanning and exploitation attempts against unpatched systems.
Organizations Running SonicWall SSL-VPN with CVE-2024-40766 Unpatched
Any organization running SonicWall Gen 6, Gen 7, or SOHO series firewalls with SSL VPN enabled and SonicOS below version 7.1.1-7058 is directly at risk. This includes enterprises using SonicWall for remote employee access, branch-to-HQ VPN tunnels, and partner network connectivity. With over 4,500 vulnerable devices publicly exposed, attackers have a large pool of targets — prioritizing unpatched devices with active VPN sessions.
Patching SonicWall CVE-2024-40766: Priority Actions for Network Teams
- Upgrade SonicOS firmware to version 7.1.1-7058 or later immediately; follow the upgrade path published on the SonicWall PSIRT portal.
- If patching is not immediately possible, disable SSL VPN access until the firmware update is applied.
- Restrict VPN access via IP allowlists, limiting connections to known corporate IP ranges only.
- Audit all active and recent SSL VPN sessions for anomalies — unexpected source IPs, logins at unusual hours, or sessions that appear to have been cloned.
- Deploy enhanced network monitoring to detect lateral movement that may have already occurred from previously compromised VPN sessions.