SonicWall has revealed that two currently patched security flaws affecting the SMA100 Secure Mobile Access (SMA) appliance are being utilized in the wild.
The vulnerabilities in question are listed below –
CVE-2023-444221 (CVSS score: 7.2) – Improper neutralization of special elements of the SMA100 SSL-VPN management interface allows remote authentication attackers with administrative privileges to inject arbitrary commands as “no one” users. Output escape in mod_rewrite before Apache HTTP Server 2.4.59 allows an attacker to map URLs to file the location of the system that the server is allowed to serve.
Both defects affected SMA 100 series devices including SMA 200, 210, 400, 410, 500V and were dealt with in the following versions –
CVE-2023-44221-10.2.1.10-62SV or higher version (fixed December 4, 2023) CVE-2024-38475-10.2.1.14-75SV and high-end version (fixed December 4, 2024)
In an update to the recommendation on April 29, 2025, Sonic Wall said that vulnerabilities could be exploited in the wild, urging customers to check their SMA devices to ensure there are no unauthorized logins.
“During further analysis, Sonic Wall and our trusted security partners have identified additional exploitation techniques using CVE-2024-38475.
Currently there is no details about how the vulnerabilities are being exploited, who may have been targeted, and the scope and size of these attacks.
This disclosure comes just a few weeks after the US Cybersecurity and Infrastructure Security Agency (CISA) added another security flaw affecting the Sonicwall SMA 100 Series Gateway (CVE-2021-20035, CVSS score: 7.2) to a known exploit vulnerability (KVSS score: 7.2).
Source link
