PoC Released for Actively Exploited SonicWall Flaws

CISA Flags Actively Exploited SonicWall Vulnerabilities Amid Rising Threats 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical SonicWall vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following the public release of proof-of-concept (PoC) exploit code for both flaws. 

The vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475, impact SonicWall’s SMA 200, 210, 400, 410, and 500v remote access devices. These bugs allow attackers to remotely execute operating system commands and remap URLs to file system paths, posing serious risks to unpatched systems.

SonicWall updated its advisories last week to confirm that both flaws are being exploited in active attacks. While patches have been available since December 2023 and December 2024 respectively, only devices running software version 10.2.1.14-75sv or later are considered secure. 
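
For teams triaging an appliance inventory against that minimum release, the following sketch is an added example, not code from SonicWall, CISA or watchTowr. It assumes the version format seen in the one string quoted above (four dotted numbers, a hyphen, a build number and an "sv" suffix); the hostnames and the other version strings are constructed sample data.

```python
import re

# Minimum fixed release and affected models, both as stated in the article.
FIXED = "10.2.1.14-75sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}

# Assumed format, inferred from the one version string on the page:
# four dotted integers, a hyphen, a build number, then an "sv" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$", re.IGNORECASE)


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, version):
    """Classify one appliance: not-affected, patched, vulnerable or unknown."""
    if model.strip() not in AFFECTED_MODELS:
        return "not-affected"
    parsed = parse_version(version)
    if parsed is None:
        # Never treat an unreadable version as safe; send it for manual review.
        return "unknown"
    # Compare as integer tuples: as plain strings, "10.2.1.9" sorts after
    # "10.2.1.14" and an older release would be reported as patched.
    return "patched" if parsed >= parse_version(FIXED) else "vulnerable"


# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.14-75sv"),
    ("vpn-edge-02", "SMA 210", "10.2.1.9-57sv"),
    ("vpn-lab-01", "SMA 500v", "10.2.1.15-81sv"),
    ("vpn-branch-07", "SMA 400", "10.2.1.13-72sv"),
    ("vpn-old-03", "SMA 200", "unknown (SNMP timeout)"),
]


def report(inventory):
    """Map hostname -> triage status for every appliance in the inventory."""
    return {host: triage(model, ver) for host, model, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:15} {status}")
```
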

In response, CISA issued an alert requiring federal agencies to apply the necessary patches by May 22, 2025, as per Binding Operational Directive (BOD) 22-01. 

Adding to the urgency, cybersecurity firm watchTowr Labs published technical insights into the vulnerabilities, warning that attackers are likely chaining them for maximum impact. According to watchTowr, CVE-2024-38475 enables attackers to bypass authentication and gain administrative access, while CVE-2023-44221 can be used to execute code under the ‘nobody’ user context. 

It’s important to note that CVE-2024-38475 originates from a flaw in the Apache HTTP Server, which is an integral component in affected SonicWall devices.

"Attackers already have all they need to exploit these flaws," watchTowr stated, explaining the release of their Detection Artefact Generator to help defenders spot signs of compromise. 

Given SonicWall’s history as a frequent target for cyberattacks, organizations are strongly urged to update their SMA 100 series appliances immediately and address any products listed in CISA’s KEV catalog without delay. 
