CyberSecurity news
FlagThis - #sonicwall
|
Ddos@securityonline.info
//
SonicWall has released critical security updates to address three vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. The vulnerabilities, discovered by Rapid7 cybersecurity researcher Ryan Emmons, impact SMA 200, 210, 400, 410, and 500v devices running firmware version 10.2.1.14-75sv and earlier. The most severe of these flaws, CVE-2025-32819, has a CVSS score of 8.8 and could allow a remote authenticated attacker with SSL-VPN user privileges to bypass path traversal checks and delete arbitrary files, potentially leading to a reboot to factory default settings. SonicWall urges users to upgrade to the fixed release version 10.2.1.15-81sv and higher immediately.
Additionally, the advisory outlines CVE-2025-32820, a post-authentication SSLVPN user Path Traversal vulnerability with a CVSS score of 8.3. This flaw enables a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. A third vulnerability, CVE-2025-32821, carries a CVSS score of 6.7 and allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. Security researchers suggest that these vulnerabilities can be chained together by attackers to gain remote code execution as root and compromise vulnerable instances. As a workaround and additional safety measure, SonicWall recommends enabling multifactor authentication (MFA) on the devices, enabling WAF on SMA100 and resetting the passwords for any users who may have logged into the device via the web interface. The cybersecurity company also noted that CVE-2025-32819 may have been exploited in the wild as a zero-day based on known indicators of compromise. Users are advised to update their instances to the latest version for optimal protection. Recommended read:
References :
Ddos@securityonline.info
//
Cybersecurity firm SonicWall has issued warnings to its customers regarding active exploitation of several vulnerabilities affecting its Secure Mobile Access (SMA) appliances. These vulnerabilities, including CVE-2024-38475, CVE-2023-44221 and CVE-2021-20035 can lead to unauthorized access to files and system compromise. Organizations utilizing SonicWall SMA 100 series appliances are strongly urged to apply the necessary patches immediately to mitigate the risk. The active exploitation highlights the critical need for organizations to maintain up-to-date security measures and promptly address security advisories from vendors.
Specifically, CVE-2024-38475 is a critical severity flaw affecting the mod_rewrite module of Apache HTTP Server, potentially allowing unauthenticated remote attackers to execute code. SonicWall addressed this issue in firmware version 10.2.1.14-75sv and later. CVE-2023-44221, a high-severity command injection flaw, allows attackers with administrative privileges to inject arbitrary commands. CVE-2021-20035, an OS command injection vulnerability, which has been actively exploited in the wild since January 2025. The exploitation of these vulnerabilities has prompted advisories and updates, including CISA adding CVE-2021-20035 to its Known Exploited Vulnerabilities catalog. Security researchers have observed active scanning for CVE-2021-20016. It is paramount that organizations proactively manage and patch vulnerabilities to protect their networks and sensitive data. Recommended read:
References :
info@thehackernews.com (The@The Hacker News
//
A critical vulnerability, CVE-2021-20035, in SonicWall Secure Mobile Access (SMA) 100 series appliances is under active exploitation, according to recent reports. The vulnerability, which stems from improper neutralization of special elements in the SMA100 management interface, allows attackers to remotely inject arbitrary commands, potentially leading to code execution. This flaw affects SMA100 devices running older firmware, prompting immediate concern and action from cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgency for federal agencies and other organizations to address the issue.
Exploitation of this older SonicWall SMA100 vulnerability has been underway since January 2025, with cybersecurity firm Arctic Wolf tracking a campaign specifically targeting VPN credential access on SonicWall SMA devices. This campaign is believed to be directly related to the CVE-2021-20035 vulnerability. SonicWall itself has acknowledged the active exploitation, with a spokesperson stating that they are actively investigating the scope and details of the attacks. This revelation underscores the increasing trend of threat actors targeting edge devices, such as VPNs and firewalls, to gain unauthorized access. Given the active exploitation, CISA has mandated that federal civilian executive branch agencies patch their SonicWall appliances or discontinue their use if mitigations cannot be applied by May 7. SonicWall urges customers to follow mitigation steps outlined in its advisory and upgrade to the latest firmware as a best practice. As SonicWall vulnerabilities have been a popular target for threat actors in recent years, the Cybersecurity Dive notes patching and timely firmware updates are key to protection. Recommended read:
References :
info@thehackernews.com (The@The Hacker News
//
Since January 2025, threat actors have been actively exploiting a remote code execution vulnerability, CVE-2021-20035, in SonicWall Secure Mobile Access (SMA) appliances. This exploitation campaign targets the SMA100 management interface, allowing for OS command injection. Arctic Wolf researchers have been tracking this campaign, highlighting the significant risk it poses to organizations utilizing these affected devices due to the potential for credential access.
This vulnerability has now been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, underscoring the severity and ongoing nature of the threat. CISA urges prompt remediation by affected organizations. In addition to CVE-2021-20035, CISA has flagged another critical vulnerability, CVE-2024-53704, which compromises the SSL VPN authentication mechanism in SonicOS. This flaw, with a CVSS score of 9.3, enables attackers to hijack VPN sessions by sending crafted session cookies, bypassing multi-factor authentication and exposing private network routes. CISA has issued a critical security alert urging federal agencies and network defenders to prioritize patching both CVE-2021-20035 and CVE-2024-53704 to prevent potential breach attempts. The Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies secure their networks against ongoing attacks within a specified timeframe. While this directive specifically targets U.S. federal agencies, CISA advises all network defenders to take immediate action to mitigate these risks. Recommended read:
References :
info@thehackernews.com (The@The Hacker News
//
CISA has added CVE-2021-20035, a high-severity vulnerability affecting SonicWall SMA100 series appliances, to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, an OS command injection vulnerability in the SMA100 management interface, allows remote attackers to execute arbitrary code. The Cybersecurity and Infrastructure Security Agency (CISA) issued the alert on April 16, 2025, based on evidence of active exploitation in the wild. SonicWall originally disclosed the vulnerability in September 2021, and updated the advisory noting it has been reportedly exploited in the wild, and has updated the summary and revised the CVSS score to 7.2.
The vulnerability, tracked as CVE-2021-20035, stems from improper neutralization of special elements in the SMA100 management interface. Specifically, a remote authenticated attacker can inject arbitrary commands as a 'nobody' user, potentially leading to code execution. The affected SonicWall devices include SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v appliances running specific firmware versions. CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations by May 7, 2025, to protect their networks from this actively exploited vulnerability. Remediation steps include applying the latest security patches provided by SonicWall to all affected SMA100 appliances and restricting management interface access to trusted networks. CISA strongly advises all organizations, including state, local, tribal, territorial governments, and private sector entities, to prioritize remediation of this cataloged vulnerability to enhance their cybersecurity posture. Recommended read:
References :
@ciso2ciso.com
//
References:
ciso2ciso.com
, securityonline.info
SonicWall has released patches to address three newly discovered vulnerabilities in its NetExtender Windows client, a widely-used VPN tool providing secure remote access to internal networks for organizations. The vulnerabilities affect NetExtender for Windows versions 10.3.1 and earlier, and include a high-severity flaw related to improper privilege management, identified as CVE-2025-23008, with a CVSS score of 7.2. This vulnerability could allow a low-privileged attacker to modify critical configurations, potentially re-routing VPN connections or weakening security settings.
The updates also address two medium-severity vulnerabilities: CVE-2025-23009, a local privilege escalation vulnerability via arbitrary file deletion, and CVE-2025-23010, a link following file access issue. The file deletion flaw could allow attackers to delete arbitrary files on the system, potentially escalating privileges or disrupting services. The symlink vulnerability could allow attackers to manipulate file operations and redirect them to unauthorized locations. SonicWall strongly advises users of the NetExtender Windows (32 and 64 bit) client to upgrade to version 10.3.2 or later to mitigate these risks. While there is no evidence of active exploitation of these vulnerabilities in the wild, SonicWall notes that its products are often targeted by malicious actors. The NetExtender for Linux client is not affected by these security defects. Organizations are urged to apply the patches promptly to prevent potential unauthorized configuration changes, privilege escalation, or file path manipulation. Recommended read:
References :
@PCWorld
//
A new variant of the Snake Keylogger malware is actively targeting Windows users, with over 280 million infection attempts detected globally. Cybersecurity researchers have identified this version, also known as the 404 Keylogger, as AutoIt/Injector.GTY!tr. The primary targets include users in China, Turkey, Indonesia, Taiwan, and Spain, where the malware spreads through phishing emails containing malicious attachments or links. The keylogger steals credentials from popular web browsers like Chrome, Edge, and Firefox by logging keystrokes, capturing screenshots, and monitoring the clipboard.
The stolen data, including sensitive information and credentials, is then exfiltrated to its command-and-control (C2) server through various methods, including SMTP email and Telegram bots. The malware utilizes AutoIt, a scripting language frequently used for Windows automation, to deliver and execute its malicious payload. By using AutoIt, the malware can create standalone executables that may bypass standard antivirus solutions. Once executed, the keylogger copies itself to the %Local_AppData%\supergroup folder, names itself ageless[.]exe, and sets its attributes to hidden and creates “ageless.vbs” in the %Startup% folder. Recommended read:
References :
@gbhackers.com
//
References:
BleepingComputer
, Anonymous ???????? :af:
,
A critical authentication bypass vulnerability, identified as CVE-2024-53704, in SonicWall firewalls is under active exploitation. Security firms are warning that attackers are now targeting this flaw following the public release of proof-of-concept exploit code. The vulnerability allows attackers to bypass authentication, posing a significant risk to affected systems.
Security updates are available for download to address the issue, and users are strongly urged to patch their SonicWall firewalls immediately. Attacks are currently taking place, making prompt action essential to mitigate potential exploits. The vulnerability highlights the importance of keeping security infrastructure up-to-date to defend against emerging threats. Recommended read:
References :
|