SonicWall warns of more VPN flaws exploited in attacks
Cybersecurity company SonicWall has warned customers that two older vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks.
On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as “potentially being exploited in the wild.”
CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper neutralization of special elements in the SMA100 SSL-VPN management interface that enables attackers with admin privileges to inject arbitrary commands as a ‘nobody’ user.
Read more at Bleeping Computer