Sonicwall showed that two security deficiencies were used in the wild that affect its safe mobile access (SMA).
The vulnerabilities in question are below –
- Cve-2023-44221 (CVSS Assessment: 7.2) – Incorrect neutralization of special elements in the SMA100 SSL -VPN management interface allows for remote authenticated attackers with the administrative privilege for the introduction of arbitrary commands as a “no one” that potentially leads to vulnerability
- Cve-2024-38475 (CVSS assessment: 9.8) – Invalid escape from exit to MOD_REWRITE to Apache HTTP Server 2.4.59 and earlier allow the attacker to display the URL to submit the system that allows server server
Both disadvantages affect the SMA 100 devices, including SMA 200, 210, 410, 500V, and were considered in the following versions –
- CVE-2023-44221-10.2.1.10-62SV and higher versions (fixed December 4, 2023)
- CVE-2024-38475-10.2.1.14-75s and Higher versions (fixed December 4, 2024)
Update before the recommendations on April 29, 2025 Sonicwall stated that in the wild vulnerability is potentially exploited, urging customers to review their SMA devices to make sure there are no unauthorized inputs.
“During the further analysis of SonicWall and Trusted Security Partners, the additional operation of the CV-2024-38475, which allows unauthorized access to some files, can provide the session,” the company said.
Currently, there are no details about how vulnerabilities are used, which may have been directed, and the volume and scale of these attacks.
The disclosure of information comes a few weeks after the US Cybersecurity Agency (CISA) added Another disadvantage of security affecting the SonicWall SMA 100 Gateways (CVE-2021-20035, CVSS: 7.2) to known exploited vulnerabilities (KEV), based on evidence of active exploitation.
