Edge security provider SonicWall faces a new wave of vulnerabilities affecting its products, which are being exploited in the wild.
On May 1, the US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2023-44221 and CVE-2024-38475.
CVE-2023-44221: SonicWall’s 2023 Post-Authentication Command Injection
CVE-2023-44221 is a post-authentication command injection vulnerability caused by improper neutralization of special elements in SonicWall’s Secure Mobile Access (SMA), specifically the SMA 100 SSL-VPN management interface.
When exploited, this high-severity flaw (CVSS 3.1 base score of 7.2) allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. It affects SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v.
It was detected by a security researcher, Wenjie Zhong (also known as H4lo) from DBappSecurity Co., Ltd’s Webin lab, and was disclosed by SonicWall, a CVE Numbering Authority (CNA), in December 2023.
SonicWall released a fix in SMA 100 series version 10.2.1.10-62sv and higher and shared it in a security advisory, also published in December 2023.
In an advisory update on April 29, 2025, SonicWall confirmed CVE-2023-44221 is “potentially being exploited in the wild.”
This exploitation has now been confirmed by CISA.
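For defenders triaging CVE-2023-44221, the following added example (not from SonicWall or CISA) checks an appliance inventory against the affected models and fixed build named above. The inventory entries, hostnames and the assumed firmware string layout (four dotted numbers, a dash, a build number, then "sv") are constructed for illustration.

```python
import re

# Values taken from the article: affected models and the first fixed build.
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500V"}
FIXED_BUILD = "10.2.1.10-62sv"

# Assumed firmware string layout: a.b.c.d-<build>sv
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$", re.IGNORECASE)


def parse_build(text):
    """Return the build as a tuple of ints, or None if it does not match."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(model, firmware):
    """Return 'not-listed', 'patched', 'vulnerable' or 'unknown' for one appliance."""
    normalized = " ".join(model.upper().split())
    if normalized not in AFFECTED_MODELS:
        return "not-listed"  # model is not in the article's affected list
    build = parse_build(firmware)
    if build is None:
        return "unknown"  # never assume an unreadable version is patched
    # Tuple comparison is numeric per field: 10.2.1.9 sorts below 10.2.1.10,
    # which a plain string comparison would get wrong.
    return "patched" if build >= parse_build(FIXED_BUILD) else "vulnerable"


# Constructed sample inventory (hostnames, models' builds are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.9-1sv"),
    ("vpn-edge-02", "SMA 500v", "10.2.1.10-62sv"),
    ("vpn-edge-03", "sma  210", "10.2.1.11-5sv"),
    ("vpn-lab-01", "SMA 400", "unknown"),
    ("other-01", "EXAMPLE-FW", "1.0"),
]


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Appliances reported as "unknown" need a manual version check before they are treated as patched.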
CVE-2024-38475: Apache HTTP Server’s 2024 Pre-Authentication Arbitrary File Read
CVE-2024-38475 is a pre-authentication arbitrary file read affecting Apache HTTP Server.
It was first disclosed by Orange Tsai, the Principal Security Researcher at Devcore, at Black Hat USA 2024 as one of nine different vulnerabilities in the Apache HTTP Server.