TZUTC: -0500   
   MSGID: 1039.consprcy@1:2320/105 2c67a87e   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   US government flags worrying SonicWall flaw, so update now   
      
   Date:   
   Fri, 18 Apr 2025 13:03:00 +0000   
      
   Description:   
   SonicWall updates its security advisory, and CISA added the flaw to KEV.   
      
   FULL STORY   
      
   The US Cybersecurity and Infrastructure Security Agency (CISA) has added an   
   old SonicWall vulnerability to its Known Exploited Vulnerabilities (KEV)   
   catalog, confirming that it is being used in the wild.    
      
   As a result, Federal Civilian Executive Branch (FCEB) agencies have three   
   weeks to install the patch or stop using the product entirely.    
      
   In late 2021, SonicWall released a security advisory, warning its users about   
   an improper neutralization vulnerability affecting multiple SonicWall Secure   
   Mobile Access (SMA) appliances. At the time, the company said the bug could    
   be used to take down vulnerable endpoints with a Denial-of-Service (DoS)   
   attack. However, the company has now updated the advisory to warn about   
   in-the-wild abuse and to upgrade its severity score from medium to high    
   (7.2).    
      
   "Improper neutralization of special elements in the SMA100 management   
   interface allows a remote authenticated attacker to inject arbitrary commands   
   as a 'nobody' user, which could potentially lead to code execution,"    
   SonicWall said.    
      
   The flaw affects SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM,   
   AWS, Azure) devices.    
      
   At the same time, CISA added the bug to KEV, warning about abuse in the wild.   
   While its Binding Operational Directive 22-01 (which forces organizations to   
   install the patch) only applies to government agencies, those in the private   
   sector should take note when KEV gets a new entry.    
      
   "These types of vulnerabilities are frequent attack vectors for malicious   
   cyber actors and pose significant risks to the federal enterprise," CISA    
   said.    
      
   In 2021, SonicWall suffered one of its largest attacks ever, when a threat   
   actor tracked as UNC2447 abused an SQL injection vulnerability in the SMA100   
   instance to gain unauthorized access to networks. Following the breach, they   
   deployed the Sombrat backdoor and a ransomware variant dubbed FiveHands.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/us-government-flags-worrying-sonicwall-   
   flaw-so-update-now   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426