Exploited SonicWall Flaws Added to KEV List Amid PoC Code Release

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two SonicWall vulnerabilities—CVE-2023-44221 and CVE-2024-38475—to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation in the wild, SecurityWeek reports. This update coincided with the public release of proof-of-concept (PoC) code by watchTowr Labs, which detailed how these flaws can be chained to compromise SonicWall’s secure remote access appliances.

The affected products include the SonicWall SMA 200, 210, 400, 410, and 500v series. These vulnerabilities enable remote attackers to inject operating system commands and to manipulate how URLs are mapped to the file system. Although patches have been available since late 2023 and 2024, devices not running firmware version 10.2.1.14-75sv or later remain exposed.

According to technical analysis shared by watchTowr, CVE-2024-38475—originally an Apache HTTP Server flaw—can be used to bypass authentication and escalate privileges to admin level. When paired with CVE-2023-44221, attackers can then execute OS-level commands, potentially gaining persistent control over the affected appliance. This sequence represents a serious risk for unpatched environments.

CISA has set a May 22 deadline for federal agencies to apply patches under Binding Operational Directive 22-01. Organizations using SMA 100 series devices are strongly encouraged to prioritize remediation, especially given the history of SonicWall vulnerabilities being targeted by threat actors.
