CVE-2023-44221
Published Dec 5, 2023
Last updated 5 months ago
- Description
- Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
- Source
- PSIRT@sonicwall.com
- NVD status
- Analyzed
- Products
- sma_200_firmware, sma_210_firmware, sma_400_firmware, sma_410_firmware, sma_500v_firmware
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- SonicWall SMA100 Appliances OS Command Injection Vulnerability
- Exploit added on
- May 1, 2025
- Exploit action due
- May 22, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
#Vulnerability #Apachemod_rewrite SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475 https://t.co/TGHUg4XegI
@Komodosec
27 Jun 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall製SMA100シリーズにおける複数の脆弱性(CVE-2023-44221、CVE-2024-38475)を組み合わせた攻撃について #JPCERTCC (May 12) https://t.co/Ig3t6KwyEs
@foxbook
12 May 2025
468 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CyberNewsFlash「SonicWall製SMA100シリーズにおける複数の脆弱性(CVE-2023-44221、CVE-2024-38475)を組み合わせた攻撃について」を公開。同社はアドバイザリを4/29に更新、脆弱性悪用の可能性を言及しています。影響を受
@jpcert
12 May 2025
4563 Impressions
10 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
統合版 JPCERT/CC | お知らせ:CyberNewsFlash「SonicWall製SMA100シリーズにおける複数の脆弱性(CVE-2023-44221、CVE-2024-38475)を組み合わせた攻撃について」 https://t.co/MAWeM8ftyO #itsec_jp
@itsec_jp
12 May 2025
210 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
お知らせ:CyberNewsFlash「SonicWall製SMA100シリーズにおける複数の脆弱性(CVE-2023-44221、CVE-2024-38475)を組み合わせた攻撃について」 https://t.co/rnYjn7KK7V
@AileenWoodstock
12 May 2025
196 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-44221
@transilienceai
10 May 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2023-44221
@transilienceai
9 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475) MAY 2, 2025 https://t.co/xZOTBzAL5O
@tdatwja
9 May 2025
413 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
SonicWall has confirmed that two critical vulnerabilities in its SMA100 Secure Mobile Access appliances have been exploited in the wild. The flaws, tracked as CVE-2023-44221 (OS command injection, CVSS 7.2) and CVE-2024-38475 (Apache HTTP Server flaw, CVSS 9.8), https://t.co/y5Y
@smart_c_intel
9 May 2025
200 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Urgent: CISA confirms active exploitation of critical SonicWall SMA 100 flaws (CVE-2023-44221 & CVE-2024-38475). Patch now or restrict admin access—attackers are chaining these for full system compromise. Details: https://t.co/wH4g7CaLcj
@RedTeamNewsBlog
5 May 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA has added two critical SonicWall vulnerabilities, CVE-2023-44221 and CVE-2024-38475, to the KEV catalog due to active exploitation. Remote OS command injection risks unauthorized control over these products. 🛡️ #SonicWall #CyberAlerts link: https://t.co/nhYbiHse66
@TweetThreatNews
5 May 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ機関CISAは、SonicWallの脆弱性CVE-2023-44221およびCVE-2024-38475を「既知の悪用脆弱性(KEV)」カタログに追加した。対象はSonicWallのSMA 100シリーズなどで、該当バージョン以降に更新されて
@yousukezan
5 May 2025
644 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
SonicWall VPNの脆弱性CVE-2023-44221及びCVE-2024-38475に対応するPoC(攻撃の概念実証コード)が公表された。 https://t.co/zC1IzEp0w2
@__kokumoto
5 May 2025
928 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2023-44221, -2024-38475: Admin Hijack in SonicWall 🔥 In a recent research, @watchtowrcyber demonstrated an exploit that allows to take control of a SonicWall instance. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/YL1BYf4gzi #cybersecurity #vulnerabiliy_map
@Netlas_io
5 May 2025
63 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Breaking News: Cyber attackers are exploiting old vulnerabilities to breach SonicWall SMA appliances! 🚨 With flaws like CVE-2024-38475 & CVE-2023-44221 being targeted, it's more crucial than ever to prioritize security updates.
@WideWatchers
4 May 2025
129 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) - Help Net Security https://t.co/H4mEt1FIyD
@PVynckier
4 May 2025
247 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-44221
@transilienceai
4 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 Active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475, CVE-2023-44221) reported by watchTowr. Full system takeover possible. #CyberSecurity #SonicWall https://t.co/OBmtGYIdVa https://t.co/9c1ijmEQxs
@CyberHub_blog
4 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags Two New Actively Exploited Security Flaws: CVE-2024-38475 and CVE-2023-44221 https://t.co/RyWVDVY700
@CyberSecuriUS
4 May 2025
193 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns of two exploited vulnerabilities in SMA appliances, CVE-2023-44221 and CVE-2024-38475, advising customers to apply patches immediately. #Security https://t.co/TDEO2tnkHa
@Strivehawk
3 May 2025
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-44221
@transilienceai
3 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🗞️ SonicWall SMA Devices Under Attack: Critical Flaws Actively Exploited SonicWall confirms active exploitation of CVE-2023-44221 and CVE-2024-38475 in SMA100 devices, enabling file access and session hijacking. Admins are urged to patch immediately to prevent remote code h
@gossy_84
2 May 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Des attaques contre les SSL-VPN SonicWall SMA série 100 signalées ! SonicWall a mis à jour ses avis de sécurité pour CVE-2023-44221 et CVE-2024-38475 et la CISA a ajouté ces deux CVE à la base KEV, indiquant des exploitations actives. https://t.co/UV8hj1ol9u
@cert_ist
2 May 2025
86 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA updates its Known Exploited Vulnerabilities Catalog with CVE-2024-38475 in Apache HTTP Server and CVE-2023-44221 in SonicWall SMA100 devices. Urgent patches are essential to prevent unauthorized access! ⚠️🔒 #CVE2024 #CyberThreat link: https://t.co/6LzRYakOG4 https://
@TweetThreatNews
2 May 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Attackers exploited old flaws to breach #SonicWall SMA appliances (#CVE-2024-38475, CVE-2023-44221) https://t.co/NRBg1XCzUK
@ScyScan
2 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain. ➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth ➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu CISA has added both to the KEV catalog — f
@TheHackersNews
2 May 2025
12385 Impressions
36 Retweets
87 Likes
17 Bookmarks
2 Replies
1 Quote
Our client base has been feeding us rumours about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while... Given these are now CISA KEV, enjoy our now public analysis and reproduction :-) https://t.co/W3zR5YRifJ
@watchtowrcyber
1 May 2025
16630 Impressions
38 Retweets
104 Likes
27 Bookmarks
2 Replies
3 Quotes
⚠️NSOC Alert ⚠️CVE-2023-44221 (CVSS 7.2) & CVE-2024-38475 (CVSS 9.8) are actively exploited in SMA100 appliances, upgrade to firmware ≥ 10.2.1.14-75sv, restrict SSL-VPN management to trusted IPs, enforce MFA for admins, segment VPN gateways, and review access logs
@cirtgovjm
1 May 2025
154 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-44221 #SonicWall SMA100 Appliances OS Command Injection Vulnerability https://t.co/LEk5eBKp1m
@ScyScan
1 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall has reported that vulnerabilities CVE-2023-44221 and CVE-2024-38475 in its Secure Mobile Access (SMA) appliances are being actively exploited. https://t.co/G1uxQWef4V
@securityRSS
1 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️SonicWall VPN Flaws Under Active Attack SonicWall warns SMA100 bugs CVE-2023-44221 & CVE-2024-38475 are exploited in the wild—enabling RCE & session hijacking. Patch to 10.2.1.14-75sv ASAP. CVE-2021-20035 also being hit. https://t.co/WPUJYfAETp #CyberSecurity
@dCypherIO
1 May 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited. SonicWall updated advisories for the CVE-2023-44221 and CVE-2024-38475 flaws as "potentially being exploited in the wild. https://t.co/h4pBYZjxJj https://
@riskigy
1 May 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two new KEVs on KEVIntel this morning - CVE-2024-38475 (Apache Software Foundation) - CVE-2023-44221 (SonicWall) https://t.co/W3lvSheb1i
@ethicalhack3r
1 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SonicWall reports active exploitation of vulnerabilities CVE-2023-44221 and CVE-2024-38475 in SMA100 appliances, risking command injection and unauthorized file access. Immediate system updates needed. 🚨 #SonicWall #NetworkSecurity #USA link: https://t.co/J5E82aAaP6 https://t
@TweetThreatNews
1 May 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 سونيك وال أكدت وجود استغلال نشط لثغرتين أمنيتين تم إصلاحهما في أجهزة SMA100 Secure Mobile Access. الثغرتان، CVE-2023-44221، سمحتا لمهاجمين عن بُعد ذوي صلاحيات إدارية بال
@Cybercachear
1 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall Confirms Active Exploitation of SMA 100 Vulnerabilities - Urges Immediate Patching SonicWall warns of active attacks on SMA 100 devices via CVE-2023-44221 and CVE-2024-38475. Users urged to update firmware immediately. https://t.co/uFte5hi0UP
@the_yellow_fall
1 May 2025
216 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns of actively exploited vulnerabilities in its Secure Mobile Access appliances. Advisories for CVE-2023-44221 and CVE-2024-38475 were updated, affecting several devices patched in firmware 10.2.1.14-75sv. #Security https://t.co/wwJ4MNmZbX
@Strivehawk
30 Apr 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall warns of high-severity vulnerabilities in SMA100 VPNs now being exploited! CVE-2023-44221 enables command injection, while CVE-2024-38475 allows remote code execution. #SonicWall #VulnerabilityAlert #USA link: https://t.co/KJnh0UEHV1 https://t.co/e1WXY5JPPa
@TweetThreatNews
30 Apr 2025
14 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4674E718-3642-4042-82DE-49B845CF2DC6",
"versionEndIncluding": "10.2.1.9-57sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5990A44B-DD34-4B32-B233-9062902EBE9A",
"versionEndIncluding": "10.2.1.9-57sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E099E-AAE1-4BD3-B0C0-38326201586C",
"versionEndIncluding": "10.2.1.9-57sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E422E9C1-597B-468F-A634-23C54C1F7C74",
"versionEndIncluding": "10.2.1.9-57sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70F00FF-A14D-40F3-9381-817542DE6A7D",
"versionEndIncluding": "10.2.1.9-57sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]