SonicWall Security Snafu: New Vulnerabilities Exploited in the Wild!

SonicWall is in the spotlight again as vulnerabilities CVE-2023-44221 and CVE-2024-38475 make their grand debut in CISA’s Known Exploited Vulnerabilities catalog. These flaws allow cyber attackers to channel their inner villain, exploiting SonicWall products and Apache HTTP Server. Stay vigilant, folks!

3P
Published: May 2, 2025 2:00 pmAdded: May 2, 2025 at 7:27 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like SonicWall and Apache are having a less-than-ideal week. Who knew that a “nobody” user could wreak such havoc in the cybersecurity world? Maybe it’s time to call in the cyber exterminators because these vulnerabilities are running amok like digital cockroaches!

Key Points:

  • SonicWall hit with two new vulnerabilities, one of which is being actively exploited.
  • CVE-2023-44221 allows post-authentication command injection in SonicWall’s SMA SSL-VPN.
  • CVE-2024-38475 is a pre-authentication file read flaw in Apache HTTP Server.
  • Exploits are now confirmed by the US Cybersecurity and Infrastructure Security Agency (CISA).
  • SonicWall and Apache are working on patches and advisories to counter these threats.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?