Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

SonicWall SMA VPN devices targeted in attacks since January

A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. Days after SonicWall tagged the security bug as exploited in the wild without sharing when the attacks started, cybersecurity company Arctic Wolf reported that threat actors used CVE-2021-20035 exploits in attacks as early as January 2025. In February, SonicWall also urged customers in January to patch a critical vulnerability affecting SMA1000 secure access gateways following reports that it had already been exploited in zero-day attacks and, one month later, warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls that can let hackers hijack VPN sessions. To block CVE-2021-20035 attacks targeting their SonicWall appliances, Arctic Wolf advised network defenders to limit VPN access to the minimum necessary accounts, deactivate unneeded accounts, enable multi-factor authentication for all accounts, and reset passwords for all local accounts on SonicWall SMA firewalls. However, the company updated the four-year-old security advisory on Monday to flag the security bug as exploited in attacks, expand the impact to include remote code execution, and upgrade the CVSS severity score from medium to high severity. This security flaw (CVE-2021-20035) impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and was patched almost four years ago, in September 2021, when SonicWall said it could only be exploited to take down vulnerable appliances in denial-of-service (DoS) attacks. CISA has also added the vulnerability to its Known Exploited Vulnerabilities catalog, confirming it's now being abused in the wild and ordering Federal Civilian Executive Branch (FCEB) agencies to secure their networks against ongoing attacks until May 7th. "Arctic Wolf has identified an ongoing VPN credential access campaign targeting SMA 100 series appliances, with a starting timeframe as early as January 2025, extending into April 2025," the cybersecurity firm said. Successful exploitation can allow remote threat actors with low privileges to exploit an "improper neutralization of special elements in the SMA100 management interface" to inject arbitrary commands as a 'nobody' user and execute arbitrary code in low-complexity attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 18 Apr 2025 15:05:21 +0000

Cyber News related to SonicWall SMA VPN devices targeted in attacks since January

SonicWall SMA VPN devices targeted in attacks since January - A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. Days after SonicWall tagged the security ...
4 months ago Bleepingcomputer.com CVE-2021-20035

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices - While attackers would need admin privileges for CVE-2025-40599 successful exploitation and SonicWall has yet to find evidence that this vulnerability is being actively exploited, it still warned customers to secure their devices, as SMA 100 ...
1 month ago Bleepingcomputer.com CVE-2025-40599

SonicWall OS Command Injection Vulnerability Exploited in the Wild - “During further analysis, SonicWall and trusted security partners identified that ‘CVE-2023-44221 – Post Authentication OS Command Injection’ vulnerability is potentially being exploited in the wild,” SonicWall stated in ...
4 months ago Cybersecuritynews.com CVE-2023-44221

Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
1 year ago Cybersecurity-insiders.com

Mullvad VPN Review: Features, Pricing, Pros & Cons - Visit Mullvad VPN. Mullvad VPN has built a solid reputation for being one of the best privacy-focused VPNs on the market. Visit Mullvad VPN. Mullvad offers a flat rate of €5 or $5.48 per month, regardless of subscription length. If you're looking ...
1 year ago Techrepublic.com

Atlas VPN Free vs. Premium: Which Plan Is Best For You? - When VPN providers offer free versions, you may be inclined to stick with that version. Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. In comparison, Atlas VPN Premium ...
1 year ago Techrepublic.com

Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
1 year ago Cybersecurity-insiders.com

5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
1 year ago Techrepublic.com

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
1 year ago Darkreading.com CVE-2022-22274 CVE-2023-0656

Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
1 year ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656

5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
1 year ago Techrepublic.com

Hackers Leverage Compromised Third-Party SonicWall SSL VPN to Breach Networks - Cybersecurity researchers have uncovered a new wave of cyberattacks exploiting compromised third-party SonicWall SSL VPN appliances. Attackers are leveraging these vulnerabilities to gain unauthorized access to corporate networks, leading to data ...
1 week ago Cybersecuritynews.com CVE-2021-20016 CVE-2023-20036 UNC2447

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
6 months ago Cybersecuritynews.com CVE-2024-53704 Akira

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
1 year ago Securityboulevard.com

VPN for Your Phone: Key to Global Email Security While Traveling - You'll need to enter the details of your VPN connection, including the VPN name, type, server address, and any required authentication credentials. One essential way to use a VPN is to protect your email communications. A VPN can be side-loaded for ...
1 year ago Securityboulevard.com

SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider - PRESS RELEASE. MILPITAS, Calif. - January 3, 2024 - SonicWall, a global cybersecurity leader, today announced the acquisition of Banyan Security, a leading provider of security service edge solutions for the modern workforce. This acquisition ...
1 year ago Darkreading.com

SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely - SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Discovered by security researcher Ronan Kervella of ...
3 months ago Cybersecuritynews.com

6 Best Anonymous VPNs for 2024 - VPNs are primarily used to secure online traffic and help users remain anonymous to avoid targeted ads, hide their location or ensure the security and privacy of their personal data. Though many VPN providers may advertise having a no-logs policy, ...
1 year ago Techrepublic.com

Understanding the Complexities of VPNs: Balancing Privacy and Security in the Digital Age - A U.S. traveler in Europe might face restrictions accessing certain paid streaming services available in the U.S., which can be circumvented by a VPN masking the local European IP address, thus granting access to U.S.-based content. While VPNs appear ...
1 year ago Cysecurity.news

SonicWall SMA 100 Vulnerabilities Let Attackers Execute Arbitrary JavaScript Code - Currently, SonicWall reports no evidence of active exploitation in the wild, though the pre-authentication nature of these flaws makes immediate patching essential for maintaining network security posture. The vulnerabilities affect SMA 210, 410, and ...
1 month ago Cybersecuritynews.com

178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
1 year ago Go.theregister.com CVE-2022-22274 CVE-2023-0656

CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild - On April 16, 2025, CISA added CVE-2021-20035, a command injection vulnerability affecting SonicWall SMA100 appliances, to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation in the wild. “This ...
4 months ago Cybersecuritynews.com CVE-2021-20035

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware - It is unclear how the hackers obtained initial access, but researchers investigating UNC6148 attacks noticed that the threat actor already had local administrator credentials on the targeted appliance. With shell access on the appliance, the threat ...
1 month ago Bleepingcomputer.com Abyss Hunters

SonicWall: SMA100 VPN vulnerabilities now exploited in attacks - In January, SonicWall urged admins to patch a critical flaw in SMA1000 secure access gateways that was being exploited in zero-day attacks, and one month later warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls ...
4 months ago Bleepingcomputer.com CVE-2021-20035

Critical SonicWall SSL VPN Vulnerability Let Attackers Trigger DoS Attack - The vulnerability impacts a comprehensive range of Gen7 hardware firewalls, including the TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, ...
1 month ago Cybersecuritynews.com CVE-2025-40600