Patch now! Attackers are once again targeting older Sonicwall vulnerabilities
Due to ongoing attacks, administrators should immediately update their Sonicwall SMA-series remote maintenance solutions.
Attackers are currently targeting two older vulnerabilities in Sonicwall's Secure Mobile Access (SMA) remote maintenance solutions. Security patches have been available for some time, but apparently they have not yet been installed across the board. Admins should act immediately and update their SMA instances.
Both vulnerabilities affect the SMA series models SMA 200, 210, 400, 410 and 500v. The developers state that the vulnerabilities are fixed as of firmware 10.2.1.14-75sv.
Systems can be fully compromised
If attacks are successful, attackers can execute malicious code. The "critical" vulnerability (CVE-2024-38475) affects the Apache HTTP Server component of SMA. Attackers can use crafted URLs to execute malicious code.
Sonicwall now warns of attacks in an updated article. The extent of the attacks is currently unclear. The developers advise admins to be on the lookout for unauthorized log-in attempts. They also state that further investigations into the vulnerability have shown that attackers can take over sessions after successful exploitation.
To exploit the second vulnerability (CVE-2023-44221, rated "high"), a remote attacker must already have admin rights. If this is the case, they can use the SSL VPN management interface to execute their own commands, the developers explain in a warning message.
Not the first time
Only recently, attacks on older Sonicwall vulnerabilities made headlines. The US Cybersecurity & Infrastructure Security Agency (CISA), among others, warned of this in a message.
(des)