SonicWall has issued updated advisories confirming active exploitation of multiple vulnerabilities in its Secure Mobile Access (SMA) appliances, BleepingComputer reports. The flaws—CVE-2023-44221 and CVE-2024-38475—affect several SMA product lines, including SMA 200, 210, 400, 410, and 500v. Both issues have been patched in the latest firmware update, but the company is warning customers to check for signs of compromise and apply fixes immediately.CVE-2023-44221 is a command injection bug in the SMA100 SSL-VPN interface that allows attackers with administrative access to execute arbitrary commands. Meanwhile, CVE-2024-38475, rated critical, stems from a flaw in Apache HTTP Server and can allow unauthenticated, remote attackers to execute code by manipulating URLs mapped to specific file paths. SonicWall noted that further analysis revealed potential for session hijacking via unauthorized file access.This follows a series of alerts from SonicWall about ongoing threats targeting its VPN infrastructure. Earlier in April, the company warned of renewed exploitation of a 2021 vulnerability, CVE-2021-20035, in remote code execution attacks on SMA100 appliances. The bug has been under active attack since at least January 2025 and has since been added to CISA’s Known Exploited Vulnerabilities catalog.SonicWall has also been responding to other zero-day threats in recent months, including a critical flaw in SMA1000 gateways and an authentication bypass in Gen 6 and Gen 7 firewalls. As VPNs remain a favored target for attackers seeking access to enterprise networks, administrators are urged to remain vigilant and ensure all updates are applied across affected systems.
Cybersecurity daily news, Network Security, Patch/Configuration Management
SonicWall Flags New Wave of VPN Exploits Targeting SMA Devices
(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
You can skip this ad in 5 seconds