Multiple vulnerabilities in the SonicWall Secure Mobile Access (SMA) management interface could allow for remote code execution


MS-ISAC advisory number:

2025-046

Date(s) issued:

05/05/2025

Overview:

Multiple vulnerabilities have been discovered in the management interface of SonicWall Secure Mobile Access (SMA), which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees with access to applications from anywhere. Successful exploitation of these vulnerabilities, when chained, could allow for remote code execution, potentially leading to session hijacking and full system compromise.

Threat intelligence:

watchTowr reports that CVE-2024-38475 and CVE-2023-44221 are already being exploited in the wild, making awareness and immediate action essential for affected organizations. CISA has also added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Affected systems:

  • SMA 200
  • SMA 210
  • SMA 400
  • SMA 410
  • SMA 500v

Risk:

  • Large and medium government entities: HIGH
  • Small government: MEDIUM
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
