Two SonicWall SMA100 Flaws Actively Exploited in the Wild

SonicWall has confirmed that two significant security vulnerabilities have been actively exploited in its SMA100 Secure Mobile Access (SMA) appliances. The company warned of a potential threat to its customers, highlighting the importance of prompt updates and patches to ensure their devices remain secure.

Understanding the Flaws

The two identified vulnerabilities, CVE-2023-44221 and CVE-2024-38475, have been found to impact SonicWall's SMA100 Series devices, including the SMA 200, 210, 400, 410, and 500v models. The first vulnerability, CVE-2023-44221, is characterized as a post-authentication OS command injection, which allows attackers to execute system commands on the device.

Furthermore, SonicWall's latest advisory revealed that an additional exploitation technique using CVE-2024-38475 can enable session hijacking. This technique allows unauthorized access to certain files, potentially leading to further attacks and data breaches. However, SMA100 devices updated with firmware version 10.2.1.14-75sv are not vulnerable to CVE-2024-38475 or this related session hijacking technique.
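
An added example, not part of the original article or SonicWall's advisory: a triage script that checks an appliance inventory against the affected models and the fixed firmware build named above. The inventory rows are constructed, the version format is inferred from the single version string in the article, and treating newer builds as fixed is an assumption.

```python
import re

# Values taken from the article.
AFFECTED_MODELS = {"200", "210", "400", "410", "500v"}
FIXED_FIRMWARE = "10.2.1.14-75sv"

# Assumed format, inferred from the one version string in the article:
# four dotted numbers, a dash, a build number and the "sv" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_firmware(version):
    """Return the version as a tuple of ints, or None if it does not parse."""
    m = _VERSION_RE.match(version.strip().lower())
    return tuple(int(p) for p in m.groups()) if m else None


def triage(model, firmware):
    """Classify one appliance against the CVE-2024-38475 fixed build."""
    normalized = model.lower().replace("sma", "").strip()
    if normalized not in AFFECTED_MODELS:
        return "out-of-scope"
    parsed = parse_firmware(firmware)
    if parsed is None:
        return "check-manually"  # never treat an unreadable version as safe
    # Assumption: builds newer than the fixed one also carry the fix.
    return "ok" if parsed >= parse_firmware(FIXED_FIRMWARE) else "update"


# Constructed inventory (hostnames and firmware strings are made up).
INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.14-75sv"),
    ("vpn-edge-02", "SMA 210", "10.2.1.9-57sv"),
    ("vpn-lab-01", "SMA 500v", "10.2.1.13-72sv"),
    ("vpn-dr-01", "SMA 400", "unknown"),
    ("fw-hq-01", "other", "7.0.1"),
]


def report(inventory=INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:12} {status}")
```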

Impact and Response

The affected SMA100 Series devices are a significant concern because the flaws can be exploited in several ways, including post-authentication OS command injection and file system access. SonicWall has acknowledged that attacks exploiting the vulnerabilities have already occurred in the wild, although no technical details or specific threat actor attribution have been disclosed.

SonicWall has addressed these flaws with firmware updates, which are now available for download. Customers can ensure their devices remain secure by applying the latest patches and staying informed about any future security updates.
