SonicWall & Apache Vulnerabilities: CISA’s Latest Additions to the “Oh No, Not Again” List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. These vulnerabilities could allow attackers unauthorized access and command injection, proving once again that cyber threats never take a vacation, even if your firewall does.
Hot Take:
Looks like the digital villains have been busy plotting their next heist, and CISA is on the case! With SonicWall and Apache joining the “Hall of Exploited Fame,” it’s time for IT departments to grab their superhero capes and patch up faster than a leaky boat in a shark-infested sea. Remember folks, in the world of cybersecurity, procrastination is not a virtue—it’s a vulnerability!
Key Points:
- SonicWall SMA100 appliances and Apache HTTP server vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog.
- Vulnerabilities include CVE-2024-38475 with a CVSS score of 9.8, and CVE-2023-44221 with a CVSS score of 7.2.
- The vulnerabilities allow URL mapping to file systems and OS command injection, respectively.
- Fixed firmware versions have been released for affected SonicWall devices.
- CISA has set a May 22, 2025 deadline for federal agencies to address these vulnerabilities.
Already a member? Log in here