SonicWall Security Snafu: Hackers Having a Field Day Exploiting SMA100 Flaws
SonicWall’s SMA100 appliances are under siege! Two vulnerabilities, CVE-2023-44221 and CVE-2024-38475, are being exploited in the wild. It’s like a bad action movie, but with less popcorn and more urgent firmware updates. Get your SMA100 secure or risk a tech horror show!
Hot Take:
Looks like SonicWall’s SMA100 series is the VIP guest at the cyber shindig no one wants an invite to! With CVE numbers that sound like droid names from Star Wars, these vulnerabilities are making sure everyone’s talking about them. But hey, at least SonicWall is keeping us on our toes and making sure we’re not snoozing on software updates. Who knew your mobile access appliance could be such a party animal?
Key Points:
- Two vulnerabilities, CVE-2023-44221 and CVE-2024-38475, are being actively exploited in SonicWall’s SMA100 appliances.
- CVE-2023-44221 allows for OS Command Injection, while CVE-2024-38475 involves improper escaping in Apache HTTP Server, leading to potential session hijacking.
- SonicWall has released firmware updates to address these vulnerabilities.
- The company has not disclosed the technical details of the attacks or identified the threat actors involved.
- These vulnerabilities affect various SMA 100 Series devices, including models SMA 200, 210, 400, 410, and 500v.
Already a member? Log in here