Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog, and Watchtowr researchers have analyzed how they can be being chained together and have released a proof-of-concept exploit (or, as they call it, a “Detection Artefact Generator”). The exploited vulnerabilities (CVE-2024-38475, CVE-2023-44221) Sonicwall SMA100 appliances are VPN … More

The post Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) appeared first on Help Net Security.