SonicWall: SMA100 VPN vulnerabilities now exploited in attacks

​Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as "potentially being exploited in the wild." CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper neutralization of special elements in the SMA100 SSL-VPN management interface that enables attackers with admin privileges to inject arbitrary commands as a 'nobody' user. The second security bug, CVE-2024-38475, is rated as a critical severity flaw caused by improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier. Successful exploitation can allow unauthenticated, remote attackers to gain code execution by mapping URLs to file system locations permitted to be served by the server. The two vulnerabili ... Read full article.