Summary: SonicWall has disclosed that two recently patched security vulnerabilities in its SMA100 Secure Mobile Access appliances have been actively exploited. The vulnerabilities, CVE-2023-44221 and CVE-2024-38475, could lead to command injection and unauthorized file access, posing significant risks to affected devices. Users are urged to update their systems and monitor for unauthorized access.
Affected: SonicWall SMA100 Series Devices (including SMA 200, 210, 400, 410, 500v)
Key points:
- Vulnerability CVE-2023-44221 allows command injection via the SMA100 SSL-VPN interface.
- Vulnerability CVE-2024-38475 enables potential unauthorized access to server file systems.
- The fixed firmware versions are 10.2.1.10-62sv or higher for CVE-2023-44221 and 10.2.1.14-75sv or higher for CVE-2024-38475.
- Urgent review of SMA devices is recommended to check for any unauthorized logins.
- Recent disclosures follow CISA’s identification of another exploit affecting SonicWall’s SMA 100 Series.
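
The fixed versions listed above can be checked against a device inventory. The following is an added example, not code from SonicWall or the source article. It assumes firmware strings follow the `A.B.C.D-NNsv` pattern of the two versions on this page and order numerically field by field; the device names and the inventory are constructed.

```python
import re

# Fixed versions as stated in the key points on this page.
FIXED = {
    "CVE-2023-44221": "10.2.1.10-62sv",
    "CVE-2024-38475": "10.2.1.14-75sv",
}

# Assumed format: four dotted numbers, a build number, and an "sv" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Turn '10.2.1.14-75sv' into (10, 2, 1, 14, 75); raise ValueError otherwise."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    # Integer fields, so 10.2.1.9 sorts below 10.2.1.10 (a string compare would not).
    return tuple(int(group) for group in match.groups())


def unpatched_cves(firmware):
    """Return the CVEs whose fixed version is newer than `firmware`."""
    current = parse_version(firmware)
    return sorted(cve for cve, fixed in FIXED.items()
                  if current < parse_version(fixed))


def review_inventory(inventory):
    """Map each device name to its unpatched CVEs, or ['unknown'] if unparseable."""
    report = {}
    for name, firmware in inventory.items():
        try:
            report[name] = unpatched_cves(firmware)
        except ValueError:
            # An unreadable version needs a manual check; never assume it is patched.
            report[name] = ["unknown"]
    return report


# Constructed inventory (hypothetical device names and firmware strings).
SAMPLE_INVENTORY = {
    "sma410-hq": "10.2.1.9-57sv",
    "sma210-branch": "10.2.1.13-72sv",
    "sma500v-lab": "10.2.1.14-75sv",
    "sma200-old": "n/a",
}

if __name__ == "__main__":
    for device, cves in review_inventory(SAMPLE_INVENTORY).items():
        print(device, "->", ", ".join(cves) or "at or above both fixed versions")
```

A device at or above both fixed versions still needs the login review recommended above, since the version check says nothing about access that occurred before patching.
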
Source: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html