SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

PoC Published for Exploited SonicWall Vulnerabilities

PoC code targeting two exploited SonicWall flaws was published just CISA added them to the KEV catalog.
SonicWall vulnerability exploited

The US cybersecurity agency CISA added two SonicWall flaws to the Known Exploited Vulnerabilities (KEV) catalog on the same day that proof-of-concept (PoC) exploit code targeting them was published.

The exploitation of the two security defects, tracked as CVE-2023-44221 and CVE-2024-38475, came to light last week, when SonicWall updated its advisories to flag them as targeted in attacks.

Affecting SonicWall’s SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v secure remote access products, the flaws can be exploited remotely to inject OS commands and map URLs to file system locations.

Patches for both bugs have been available since December 2023 and December 2024, and SMA 100 series devices running a software version of 10.2.1.14-75sv or later are not vulnerable.

Shortly after SonicWall warned that attackers are exploiting CVE-2023-44221 and CVE-2024-38475 in the wild, CISA added them to the KEV catalog, urging federal agencies to patch them by May 22, as mandated by the Binding Operational Directive (BOD) 22-01.

On the same day, watchTowr Labs published technical details on two flaws, and explained how threat actors are likely chaining them in attacks to take over vulnerable appliances.

The exploitation of CVE-2024-38475, the cybersecurity firm notes, allows attackers to bypass authentication and obtain admin-level control over impacted appliances. Next, CVE-2023-44221 can be targeted to execute commands as the ‘nobody’ user.

It’s worth noting that CVE-2024-38475 was actually assigned to a vulnerability in Apache HTTP Server, which is used by the impacted SonicWall products.

Advertisement. Scroll to continue reading.

“Our decision to publicly release our Detection Artefact Generator today revolves around the painful reality that attackers already have all the necessary information to exploit vulnerable appliances (as the CISA KEV addition signifies),” watchTowr notes.

It is not uncommon for threat actors to target SonicWall vulnerabilities, including zero-days. All organizations are advised to update their SMA 100 series appliances as soon as possible, and to prioritize the patching of any products affected by the vulnerabilities in CISA’s KEV.

Related: SonicWall Flags Old Vulnerability as Actively Exploited

Related: SonicWall Patches High-Severity Vulnerability in NetExtender

Related: SonicWall Firewall Vulnerability Exploited After PoC Publication

Related: SonicWall Confirms Exploitation of New SMA Zero-Day

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM
May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.