In January, SonicWall urged admins to patch a critical flaw in SMA1000 secure access gateways that was being exploited in zero-day attacks, and one month later warned of an actively exploited authentication bypass flaw in Gen 6 and Gen 7 firewalls that lets hackers hijack VPN sessions. Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. Earlier this month, the company flagged another high-severity flaw patched almost four years ago and tracked as CVE-2021-20035 as actively exploited in remote code execution attacks targeting SMA100 VPN appliances. "During further analysis, SonicWall and trusted security partners identified an additional exploitation technique using CVE-2024-38475, through which unauthorized access to certain files could enable session hijacking," SonicWall warned in an updated advisory. CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper neutralization of special elements in the SMA100 SSL-VPN management interface that enables attackers with admin privileges to inject arbitrary commands as a 'nobody' user. CISA also added the security bug to its Known Exploited Vulnerabilities catalog, ordering U.S. federal agencies to secure their networks against ongoing attacks. The second security bug, CVE-2024-38475, is rated as a critical severity flaw caused by improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier. Successful exploitation can allow unauthenticated, remote attackers to gain code execution by mapping URLs to file system locations permitted to be served by the server.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 30 Apr 2025 17:25:10 +0000