Home SonicWall CVE-2024-22394
Back to SonicWall

CVE-2024-22394

SonicOS - SSL-VPN

SonicWall CVSS 9.8 Updated April 6, 2026

Executive Risk Summary

"A remote attacker could bypass authentication in SonicWall SonicOS SSL-VPN feature due to an improper authentication vulnerability, potentially allowing unauthorized access. This issue is specific to firmware version SonicOS 7.1.1-7040."

Anticipated Attack Path

  1. 1. Initial Exploitation: Attacker identifies vulnerable SonicOS SSL-VPN feature
  2. 2. Privilege Escalation: Attacker bypasses authentication
  3. 3. Lateral Movement: Attacker gains unauthorized access to the network

Am I Vulnerable?

  • Verify SonicOS firmware version
  • Check for any suspicious login attempts
  • Review SSL-VPN configuration for any weaknesses

Operational Audit Arsenal

Target Type firmware
Target Asset SonicOS
Standard Path SonicWall device

Manual Verification Required

This is a non-Windows asset (SonicWall). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Network connectivity may be interrupted during the patching process

Internal Work Notes

Urgent: SonicWall SonicOS SSL-VPN vulnerability (CVE-2024-22394) - requires immediate patching to prevent unauthorized access

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003
Official Advisoryhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003

Related SonicWall Threats

CVE-2025-40604 CVSS 9.8

SonicWall Email Security - Appliance Root Filesystem
CVE-2024-40766 CVSS 9.8

SonicWall SonicOS - Management Access
CVE-2024-29014 CVSS 8.8

SonicWall SMA100 NetExtender Windows client
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.