alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SonicOS SSLVPN Authentication Bypass (CVE-2024-53704)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/__api__/v1/client/sessionstatus|3f|"; fast_pattern; content:"cookie|3d|"; threshold:type threshold, track by_src, count 30, seconds 10; reference:url,attackerkb.com/topics/UB3P3xHVAo/cve-2024-53704/rapid7-analysis; reference:cve,2024-53704; classtype:web-application-attack; sid:2059786; rev:1; metadata:affected_product SonicWall, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2025_01_30, cve CVE_2024_53704, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, updated_at 2025_01_30; target:dest_ip;)