alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SonicOS SSLVPN Authentication Bypass HTTP Cookie (swap) (CVE-2024-53704)"; flow:established,to_server; flowbits:set,ET.CVE_2024_53704; http.method; content:"GET"; http.uri; content:"/cgi-bin/sslvpnclient|3f|"; fast_pattern; content:"launchplatform|3d|"; http.cookie; content:"swap|3d|"; pcre:"/^[\x00-\xff]{32}/R"; reference:url,bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking; reference:cve,2024-53704; classtype:web-application-attack; sid:2060055; rev:1; metadata:affected_product SonicWall, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2025_02_13, cve CVE_2024_53704, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_02_13; target:dest_ip;)