Cybersecurity firm SonicWall has warned prospects that a number of vulnerabilities impacting its Safe Cellular Entry (SMA) home equipment are actually being actively exploited in assaults.
On Tuesday, SonicWall up to date safety advisories for the CVE-2023-44221 and CVE-2024-38475 safety flaws to tag the 2 vulnerabilities as “probably being exploited within the wild.”
CVE-2023-44221 is described as a high-severity command injection vulnerability brought on by improper neutralization of particular components within the SMA100 SSL-VPN administration interface that allows attackers with admin privileges to inject arbitrary instructions as a ‘no one’ person.
The second safety bug, CVE-2024-38475, is rated as a vital severity flaw brought on by improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier. Profitable exploitation can permit unauthenticated, distant attackers to achieve code execution by mapping URLs to file system areas permitted to be served by the server.
The 2 vulnerabilities influence SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v gadgets and are patched in firmware model 10.2.1.14-75sv and later.
“Throughout additional evaluation, SonicWall and trusted safety companions recognized a further exploitation approach utilizing CVE-2024-38475, by which unauthorized entry to sure information may allow session hijacking,” SonicWall warned in an up to date advisory.
“Throughout additional evaluation, SonicWall and trusted safety companions recognized that ‘CVE-2023-44221 – Put up Authentication OS Command Injection’ vulnerability is probably being exploited within the wild,” it added. “SonicWall PSIRT recommends that prospects overview their SMA gadgets to make sure no unauthorized logins.”
Earlier this month, the corporate flagged one other high-severity flaw patched nearly 4 years in the past and tracked as CVE-2021-20035 as actively exploited in distant code execution assaults focusing on SMA100 VPN home equipment. Sooner or later later, cybersecurity firm Arctic Wolf mentioned CVE-2021-20035 had been beneath energetic exploitation since at the least January 2025.
CISA additionally added the safety bug to its Identified Exploited Vulnerabilities catalog, ordering U.S. federal businesses to safe their networks in opposition to ongoing assaults.
In January, SonicWall urged admins to patch a vital flaw in SMA1000 safe entry gateways that was being exploited in zero-day assaults, and one month later warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls that lets hackers hijack VPN periods.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and how you can defend in opposition to them.
