Cybersecurity firm SonicWall has warned clients that a number of vulnerabilities impacting its Safe Cellular Entry (SMA) home equipment are actually being actively exploited in assaults.
On Tuesday, SonicWall up to date safety advisories for the CVE-2023-44221 and CVE-2024-38475 safety flaws to tag the 2 vulnerabilities as “probably being exploited within the wild.”
CVE-2023-44221 is described as a high-severity command injection vulnerability attributable to improper neutralization of particular components within the SMA100 SSL-VPN administration interface that permits attackers with admin privileges to inject arbitrary instructions as a ‘no one’ person.
The second safety bug, CVE-2024-38475, is rated as a crucial severity flaw attributable to improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier. Profitable exploitation can permit unauthenticated, distant attackers to realize code execution by mapping URLs to file system areas permitted to be served by the server.
The 2 vulnerabilities impression SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v gadgets and are patched in firmware model 10.2.1.14-75sv and later.
“Throughout additional evaluation, SonicWall and trusted safety companions recognized a further exploitation method utilizing CVE-2024-38475, by which unauthorized entry to sure information might allow session hijacking,” SonicWall warned in an up to date advisory.
“Throughout additional evaluation, SonicWall and trusted safety companions recognized that ‘CVE-2023-44221 – Publish Authentication OS Command Injection’ vulnerability is probably being exploited within the wild,” it added. “SonicWall PSIRT recommends that clients assessment their SMA gadgets to make sure no unauthorized logins.”
Earlier this month, the corporate flagged one other high-severity flaw patched nearly 4 years in the past and tracked as CVE-2021-20035 as actively exploited in distant code execution assaults focusing on SMA100 VPN home equipment. In the future later, cybersecurity firm Arctic Wolf mentioned CVE-2021-20035 had been underneath energetic exploitation since a minimum of January 2025.
CISA additionally added the safety bug to its Recognized Exploited Vulnerabilities catalog, ordering U.S. federal companies to safe their networks in opposition to ongoing assaults.
In January, SonicWall urged admins to patch a crucial flaw in SMA1000 safe entry gateways that was being exploited in zero-day assaults, and one month later warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls that lets hackers hijack VPN classes.
