The U.S. Cybersecurity and Infrastructure Security Agency has added two newly exploited SonicWall vulnerabilities, CVE-2023-44221 and CVE-2024-38475, to its Known Exploited Vulnerabilities catalog, signaling heightened concern after proof-of-concept exploit code became public, SecurityWeek reports.
Both flaws impact SonicWall SMA remote access devices and allow attackers to remotely inject commands and map file system paths, with one enabling admin-level access through an Apache HTTP Server flaw. Patches have been available since late 2023 and 2024, and systems running version 10.2.1.14-75sv or newer are not affected. CISA has ordered federal agencies to apply updates by May 22 under Binding Operational Directive 22-01. On the same day, watchTowr Labs released technical details, warning that attackers may chain both flaws to fully compromise devices. “Attackers already have all the necessary information,” the firm stated, justifying the release of their detection tool. Experts recommend urgent patching for all vulnerable SMA 100 series products to prevent compromise.
Both flaws impact SonicWall SMA remote access devices and allow attackers to remotely inject commands and map file system paths, with one enabling admin-level access through an Apache HTTP Server flaw. Patches have been available since late 2023 and 2024, and systems running version 10.2.1.14-75sv or newer are not affected. CISA has ordered federal agencies to apply updates by May 22 under Binding Operational Directive 22-01. On the same day, watchTowr Labs released technical details, warning that attackers may chain both flaws to fully compromise devices. “Attackers already have all the necessary information,” the firm stated, justifying the release of their detection tool. Experts recommend urgent patching for all vulnerable SMA 100 series products to prevent compromise.
