CyberSecurity news
FlagThis
CISA@All CISA Advisories
//
CISA has added two new vulnerabilities, CVE-2024-38475 and CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities affect Apache HTTP Server and SonicWall SMA100 series appliances, posing significant risks to organizations that utilize these technologies. The agency is urging organizations to take immediate action to mitigate potential exploits. The addition to the KEV catalog highlights the active exploitation of these flaws in the wild, increasing the urgency for patching and remediation.
The vulnerabilities impacting SonicWall SMA 100 devices are particularly concerning due to the potential for complete system takeover and session hijacking. Cybersecurity researchers at watchTowr have discovered that malicious actors are actively combining these vulnerabilities. CVE-2024-38475, an Apache HTTP pre-authentication arbitrary file read vulnerability discovered by Orange Tsai, allows unauthorized file reading. CVE-2023-44221, a post-authentication command injection flaw discovered by Wenjie Zhong (H4lo) of DBappSecurity Co., Ltd, enables attackers to execute arbitrary commands on affected systems.
The combination of these two vulnerabilities allows attackers to extract sensitive information, such as administrator session tokens, effectively bypassing login credentials. Once this initial foothold is established, the command injection vulnerability can be exploited to execute arbitrary commands, potentially leading to session hijacking and full system compromise. The vulnerabilities affect SMA 100 series appliances, including models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v. watchTowr has warned of active exploitation of these vulnerabilities, urging organizations to apply available patches to secure their systems.
References :
The vulnerabilities impacting SonicWall SMA 100 devices are particularly concerning due to the potential for complete system takeover and session hijacking. Cybersecurity researchers at watchTowr have discovered that malicious actors are actively combining these vulnerabilities. CVE-2024-38475, an Apache HTTP pre-authentication arbitrary file read vulnerability discovered by Orange Tsai, allows unauthorized file reading. CVE-2023-44221, a post-authentication command injection flaw discovered by Wenjie Zhong (H4lo) of DBappSecurity Co., Ltd, enables attackers to execute arbitrary commands on affected systems.
The combination of these two vulnerabilities allows attackers to extract sensitive information, such as administrator session tokens, effectively bypassing login credentials. Once this initial foothold is established, the command injection vulnerability can be exploited to execute arbitrary commands, potentially leading to session hijacking and full system compromise. The vulnerabilities affect SMA 100 series appliances, including models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v. watchTowr has warned of active exploitation of these vulnerabilities, urging organizations to apply available patches to secure their systems.
Share:
References :
- watchTowr Labs: SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
- thecyberexpress.com: CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221
- thecyberexpress.com: CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221
- securityaffairs.com: U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
Classification:
- HashTags: #cve #vulnerability #patch
- Company: Apache, SonicWall
- Target: Systems using Apache HTTP Server, SonicWall SMA100
- Product: Apache HTTP Server, SonicWall SMA100
- Feature: OS Command Injection
- Type: Vulnerability
- Severity: Critical