CISA has added the SonicWall SMA100 OS Command Injection Vulnerability, tracked as CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. According to CISA’s May 1, 2025 advisory, this vulnerability is actively being exploited in the wild, posing a substantial risk to organizations relying on SonicWall’s Secure Mobile Access (SMA) appliances. While specific exploitation details remain limited, security firm watchTowr reported on May 1 that their “client base has been feeding rumors about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while”.

CVE-2023-44221 affects the SSL-VPN management interface of SonicWall SMA100 series appliances, allowing remote authenticated attackers with administrative privileges to inject arbitrary commands as a ‘nobody’ user. The vulnerability is classified under CWE-78 (OS Command Injection), which occurs when a product constructs operating system commands using externally-influenced input without properly neutralizing special elements. According to the National Vulnerability Database, CVE-2023-44221 carries a CVSS base score of 7.2 (High), reflecting its potential impact on the confidentiality, integrity, and availability of affected systems.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA stated in its advisory. While this directive only applies to federal agencies, CISA strongly recommends that all organizations prioritize patching of CVE-listed vulnerabilities as part of their vulnerability management practices. The KEV catalog, created to benefit the cybersecurity community and network defenders, helps organizations better manage vulnerabilities and keep pace with threat activity. Organizations are advised to incorporate the KEV catalog into their vulnerability management prioritization frameworks to ensure timely remediation of the most critical threats.

Security researchers at Arctic Wolf have observed that “even fully patched firewall devices may still become compromised if accounts use poor password hygiene”.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
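
One way to act on the KEV prioritization advice above, as an added example (not code from CISA or from this article): it ranks scanner findings so that a KEV-listed CVE is handled before an unlisted one with a higher CVSS score. The feed snippet uses the field names of CISA's published KEV JSON; the hosts, the `CVE-0000-*` IDs and the due date are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. The CVE ID, vendor and
# CWE come from the article; dueDate is a placeholder, not the real deadline.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-44221", "vendorProject": "SonicWall",
   "product": "SMA100 Appliances", "dateAdded": "2025-05-01",
   "dueDate": "2025-05-22", "cwes": ["CWE-78"]}
]}
""")

# Constructed scanner findings; hosts and CVE-0000-* IDs are placeholders.
FINDINGS = [
    {"host": "vpn-gw-01", "cve": "CVE-2023-44221", "cvss": 7.2},
    {"host": "build-07", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "intranet-02", "cve": "CVE-0000-0002", "cvss": 5.3},
]


def prioritize(findings, kev_feed, today):
    """Order findings: KEV-listed first (earliest due date), then by CVSS descending."""
    kev = {v["cveID"].upper(): v for v in kev_feed.get("vulnerabilities", [])}
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"].strip().upper())
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        ranked.append({
            **f,
            "in_kev": entry is not None,
            "due": due,
            "days_left": (due - today).days if due else None,  # negative = overdue
        })
    # Sort key: KEV membership, then remediation deadline, then severity.
    ranked.sort(key=lambda r: (not r["in_kev"], r["due"] or date.max, -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_FEED, date(2025, 5, 2)):
        tag = f"KEV, due in {r['days_left']}d" if r["in_kev"] else "not in KEV"
        print(f"{r['host']:<12} {r['cve']:<16} CVSS {r['cvss']:<4} {tag}")
```

In practice the feed would be loaded from a locally cached copy of the KEV JSON rather than the inline sample.
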
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 02 May 2025 06:50:52 +0000