Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks.
On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as "potentially being exploited in the wild."
CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper neutralization of special elements in the SMA100 SSL-VPN management interface that enables attackers with admin privileges to inject arbitrary commands as a 'nobody' user.
[...]
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks
-
rbc
- Secretary
- Posts: 381
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks
Robert B. Carleton + ISC2 Central Mississippi Secretary