PoC Published for Exploited SonicWall Vulnerabilities

PoC Published for Exploited SonicWall Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) has included two critical SonicWall vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog due to their exploitation in recent attacks. These vulnerabilities, CVE-2023-44221 and CVE-2024-38475, affect various SonicWall secure remote access products. Organizations are urged to patch these vulnerabilities promptly to mitigate risks to their systems.

Keypoints :

  • CISA added two SonicWall vulnerabilities, CVE-2023-44221 and CVE-2024-38475, to its KEV catalog as they are actively exploited.
  • The vulnerabilities can be exploited remotely to inject OS commands and gain unauthorized control over affected SonicWall products, including SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v.
  • Patches for these flaws have been available since December 2023 and December 2024, and SMA 100 series devices running version 10.2.1.14-75sv or later are not vulnerable.
  • Federal agencies are urged to address these vulnerabilities by the May 22 deadline, as mandated by BOD 22-01.
  • CVE-2024-38475 allows attackers to bypass authentication and gain admin control, while CVE-2023-44221 enables execution of commands as the ‘nobody’ user.
  • Organizations are advised to prioritize patching affected SonicWall products and to update their SMA 100 series appliances promptly.

Read More: https://www.securityweek.com/poc-published-for-exploited-sonicwall-vulnerabilities/