CISA Flags Two New Actively Exploited Security Flaws: CVE-2024-38475 and CVE-2023-44221

that are currently being used by attackers. These problems affect widely used software: Apache HTTP Server and SonicWall SMA100, making them a big concern for government and private organizations. 

CVE-2024-38475: Problem in Apache HTTP Server 

This security flaw affects Apache HTTP Server versions 2.4.0 to 2.4.59. Found by a researcher named Orange Tsai, the issue is with the server’s mod_rewrite module, which is used to change URLs. Because of a mistake in how it handles certain characters in web addresses, attackers can trick the server into showing hidden files or running unwanted code. 

Hackers can create fake URLs that the server wrongly interprets, potentially letting them run harmful commands or access sensitive information. Apache advises using a special setting called “UnsafePrefixStat” for those who still use older rewrite rules, but only if it’s used carefully. To stay safe, users should upgrade to the latest version of Apache. 

CVE-2023-44221: Command Injection in SonicWall SMA100 

The second issue affects SonicWall’s SMA100 VPN devices, which are used for secure remote access. This bug lets attackers who already have admin access send dangerous commands to the device’s operating system. 

It affects several SonicWall models, including SMA 200, 210, 400, 410, and 500v running older versions (10.2.1.9-57sv or earlier). The issue is considered serious, with a CVSS score of 7.2, meaning it poses a high risk. SonicWall has released a fix and urges users to update to version 10.2.1.10-62sv or newer. 

This type of bug is known as OS command injection and gives hackers a way to control the device. Since attackers are already using this flaw in real attacks, it’s critical to patch affected systems immediately. 

Both vulnerabilities are being actively used by attackers and pose serious risks. Organizations should update their software and follow the guidance from Apache and SonicWall to protect their systems.