watchTowr Warns of Active Exploitation of SonicWall SMA 100 Devices

watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) potentially leading to full system takeover and session hijacking. Learn about affected models, available patches, and CISA’s urgent warning.

Cybersecurity researchers at watchTowr have spotted malicious threat actors actively leveraging known security vulnerabilities in SonicWall’s widely used SMA 100 (Secure Mobile Access) appliances.

This discovery, documented in their latest blog post shared with Hackread.com, reveals how attackers are combining two specific vulnerabilities to potentially gain complete administrative control over these devices.

Evidence suggests these techniques are already being employed in real-world attacks, making immediate awareness and action critical for affected businesses. The investigation started after clients reported unusual activity on the SonicWall system, leading to the discovery of a vulnerability in the Apache web server software tracked as CVE-2024-38475, discovered by Orange Tsai. The flaw allows unauthorized file reading, and its presence in the SonicWall ...