Full Report
The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities.
Analysis Summary
This summary is based on the provided context, focusing on the two SonicWall vulnerabilities confirmed by CISA to be actively exploited.
# Vulnerability: SonicWall Command Injection and Potential Privilege Escalation
## CVE Details
- CVE ID: CVE-2023-44221 (Note: CISA catalog confirmation for CVE-2024-38475 is mentioned, but details are only provided for CVE-2023-44221 in the text excerpt.)
- CVSS Score: 7.2 (High) for CVE-2023-44221 (based on CVSS 3.1)
- CWE: Post-Authentication Command Injection (Inferred from description for CVE-2023-44221)
## Affected Systems
- Products: SonicWall Secure Mobile Access (SMA) 100 SSL-VPN management interface
- Versions: SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v.
- Configurations: Affects the management interface; exploitation requires authenticated access with administrative privileges.
## Vulnerability Description
**CVE-2023-44221** is described as a **Post-Authentication Command Injection** vulnerability within SonicWall’s SMA products. Improper neutralization of special elements allows a remote, authenticated attacker with administrative privileges to inject arbitrary system commands. Successful exploitation executes these commands with the privileges of a 'nobody' user.
## Exploitation
- Status: **Exploited in the wild** (CISA confirms exploitation of CVE-2023-44221 and has added both CVE-2023-44221 and CVE-2024-38475 to the KEV catalog.)
- Complexity: Likely **Medium** (Requires pre-existing administrative authentication).
- Attack Vector: **Network** (Implied by remote, authenticated access required for the command injection).
## Impact
- Confidentiality: [Not explicitly detailed, but command execution typically implies potential access]
- Integrity: High (Arbitrary command execution)
- Availability: Medium to High (Depending on executed command)
## Remediation
### Patches
- For CVE-2023-44221: SonicWall released a fix in **SMA 100 series version 10.2.1.10-62sv and higher**.
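One way to check an appliance inventory against the fixed release above. This is an added example, not code from SonicWall or CISA. The firmware string layout (`<dotted release>-<build>sv`), the host names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed release for CVE-2023-44221 and affected models, as stated on this page.
FIXED = "10.2.1.10-62sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500V"}

# Assumed layout: dotted numeric release, "-", build number, "sv" suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$")


def parse_version(text):
    """Return ((release ints...), build) or raise ValueError."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return release, int(m.group(2))


def triage(model, firmware):
    """Classify one appliance: not-listed, unknown, vulnerable or patched."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        # Unparseable firmware is not evidence of a fix; flag it for follow-up.
        return "unknown"
    # Numeric tuple comparison: a plain string compare would rank
    # "10.2.1.9" above "10.2.1.10" and report it as patched.
    return "patched" if current >= parse_version(FIXED) else "vulnerable"


def report(inventory):
    """Map host name to triage status for (host, model, firmware) rows."""
    return {host: triage(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hypothetical hosts and firmware strings).
INVENTORY = [
    ("vpn-edge-01", "SMA 410", "10.2.1.9-57sv"),
    ("vpn-edge-02", "SMA 210", "10.2.1.10-62sv"),
    ("vpn-lab-01", "SMA 500v", "10.2.1.13-72sv"),
    ("vpn-dr-01", "SMA 400", "n/a"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Treat both `vulnerable` and `unknown` rows as needing action until the firmware is confirmed at or above the fixed release.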
### Workarounds
- No specific workarounds were listed in the provided text excerpt for CVE-2023-44221. (General mitigation would involve restricting administrative access or network segmentation until patching is complete.)
## Detection
- Detection methods and tools were not detailed in the provided text, but indicators would include unexpected command execution logs originating from the authentication/management process of the SMA appliances.
## References
- Vendor Advisory (CVE-2023-44221): psirt dot global dot sonicwall dot com/vuln-detail/SNWLID-2023-0018 (defanged)
- CISA KEV Catalog Addition: cisa dot gov/known-exploited-vulnerabilities-catalog (defanged)