Forum: RetroDigital BBS

US government flags worry

From Mike Powell@1:2320/105 to All on Fri Apr 18 10:19:00 2025

US government flags worrying SonicWall flaw, so update now

Date:
Fri, 18 Apr 2025 13:03:00 +0000

Description:
SonicWall updates its security advisory, and CISA added the flaw to KEV.

FULL STORY

The US Cybersecurity and Infrastructure Security Agency (CISA) has added an
old SonicWall vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming that it is being used in the wild.

As a result, Federal Civilian Executive Branch (FCEB) agencies have three
weeks to install the patch or stop using the product entirely.

In late 2021, SonicWall released a security advisory, warning its users about an improper neutralization vulnerability affecting multiple SonicWall Secure Mobile Access (SMA) appliances. At the time, the company said the bug could
be used to take down vulnerable endpoints with a Denial-of-Service (DoS) attack. However, the company has now updated the advisory to warn about in-the-wild abuse and to upgrade its severity score from medium to high
(7.2).

"Improper neutralization of special elements in the SMA100 management
interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution,"
SonicWall said.

The flaw affects SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices.

At the same time, CISA added the bug to KEV, warning about abuse in the wild. While its Binding Operational Directive 22-01 (which forces organizations to install the patch) only applies to government agencies, those in the private sector should take note when KEV gets a new entry.

"These types of vulnerabilities are frequent attack vectors for malicious
cyber actors and pose significant risks to the federal enterprise," CISA
said.

In 2021, SonicWall suffered one of its largest attacks ever, when a threat actor tracked as UNC2447 abused an SQL injection vulnerability in the SMA100 instance to gain unauthorized access to networks. Following the breach, they deployed the Sombrat backdoor and a ransomware variant dubbed FiveHands.

Via BleepingComputer

======================================================================
Link to news story: https://www.techradar.com/pro/security/us-government-flags-worrying-sonicwall- flaw-so-update-now

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

Who's Online
Recent Visitors
- Dextile
  Sun May 11 16:12:19 2025
  from Calgary, Ab via Telnet
- Deepend
  Sun May 11 12:44:18 2025
  from Calgary, Ab via HTTPS
- Dextile
  Sat May 10 23:51:47 2025
  from Calgary, Ab via Telnet
- Vintagegeek
  Sat May 10 15:24:01 2025
  from Swarthmore, Pa via Telnet

System Info

Sysop:	deepend
Location:	Calgary, Alberta
Users:	266
Nodes:	10 (0 / 10)
Uptime:	20:51:56
Calls:	2,089
Calls today:	1
Files:	4,444
D/L today:	37 files (13,539K bytes)
Messages:	412,855

Synchronet Oneliners
- Vintagegeek@rdbbs
  Wed Apr 2 05:31:46 2025
  AcornTV
- Vintagegeek@rdbbs
  Mon Apr 7 15:00:43 2025
  Britbox
- Vintagegeek@rdbbs
  Tue Apr 29 06:11:59 2025
  My life is Murder TV
- Vintagegeek@rdbbs
  Sat May 3 05:08:46 2025
  Go Stampede
- Darknetgirl@rdbbs
  Tue May 6 02:09:48 2025
  Greetings from London/Milan. Getting back to real stuff

US government flags worry

Who's Online

Recent Visitors

System Info

Synchronet Oneliners