SonicWall customers confront resurgence of actively exploited vulnerabilities
SonicWall's SMA100 appliances have been targeted by a sophisticated exploit chain dubbed 'SonicBoom', which leverages two critical vulnerabilities: CVE-2024-38475 and CVE-2023-44221. The former, a pre-authentication flaw in Apache's mod_rewrite module, allows attackers to bypass security restrictions and access sensitive files, including admin session tokens. The latter, a post-authentication command injection vulnerability, enables arbitrary command execution. Combined, these vulnerabilities permit unauthenticated remote code execution and full administrative control over affected devices. The Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by May 22, 2025. SonicWall has released firmware updates to address these issues, but the company faces ongoing security challenges, with 20 vulnerabilities disclosed in 2025 alone.