Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild

On April 16, 2025, CISA added CVE-2021-20035, a command injection vulnerability affecting SonicWall SMA100 appliances, to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation in the wild. “This vulnerability is potentially being exploited in the wild,” SonicWall confirmed in a security advisory update published April 14, 2025. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned in its advisory. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability impacts multiple versions of SonicWall SMA100 Series appliances, including SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v virtual appliances deployed across various platforms such as ESX, KVM, AWS, and Azure. The vulnerability, which has been assigned a CVSS score of 7.2, stems from improper neutralization of special elements in the SMA100 management interface. Attackers could leverage this vulnerability to steal sensitive data, deploy ransomware, or establish persistence for deeper lateral movement across the victim’s network.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 09:10:08 +0000

Cyber News related to CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com

Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
1 year ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656

New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
1 year ago Darkreading.com CVE-2022-22274 CVE-2023-0656

SonicWall SMA100 OS Command Injection Vulnerability Exploited in Wild - CISA has added the SonicWall SMA100 OS Command Injection Vulnerability, tracked as CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. While specific exploitation details remain limited, security firm watchTowr reported on May 1 ...
5 months ago Cybersecuritynews.com CVE-2023-44221

SonicWall OS Command Injection Vulnerability Exploited in the Wild - “During further analysis, SonicWall and trusted security partners identified that ‘CVE-2023-44221 – Post Authentication OS Command Injection’ vulnerability is potentially being exploited in the wild,” SonicWall stated in ...
5 months ago Cybersecuritynews.com CVE-2023-44221

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
1 year ago Securityboulevard.com

SonicWall SMA VPN devices targeted in attacks since January - A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. Days after SonicWall tagged the security ...
5 months ago Bleepingcomputer.com CVE-2021-20035

CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
7 months ago Cybersecuritynews.com CVE-2024-53704 Akira

CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild - On April 16, 2025, CISA added CVE-2021-20035, a command injection vulnerability affecting SonicWall SMA100 appliances, to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation in the wild. “This ...
5 months ago Cybersecuritynews.com CVE-2021-20035

CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
1 year ago Bleepingcomputer.com CVE-2023-6548 CVE-2023-6549 CVE-2024-0519

SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider - PRESS RELEASE. MILPITAS, Calif. - January 3, 2024 - SonicWall, a global cybersecurity leader, today announced the acquisition of Banyan Security, a leading provider of security service edge solutions for the modern workforce. This acquisition ...
1 year ago Darkreading.com

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

CISA warns agencies of fourth flaw used in Triangulation spyware attacks - The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-27524 CVE-2023-41990 CVE-2023-38203 CVE-2023-29300 CVE-2016-20017

High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke

SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely - SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Discovered by security researcher Ronan Kervella of ...
4 months ago Cybersecuritynews.com

178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
1 year ago Go.theregister.com CVE-2022-22274 CVE-2023-0656

Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 Akira

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE - The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports. The issues, tracked as CVE-2022-22274 and ...
1 year ago Securityweek.com CVE-2022-22274 CVE-2023-0656

CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com

Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices - While attackers would need admin privileges for CVE-2025-40599 successful exploitation and SonicWall has yet to find evidence that this vulnerability is being actively exploited, it still warned customers to secure their devices, as SMA 100 ...
2 months ago Bleepingcomputer.com CVE-2025-40599

Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov