Vulnerability discovered in SonicWall SMA 1000

A new security risk affects several models of the SonicWall SMA 1000 series (overview) - including central management instances. Cause for concern: A so-called SSRF vulnerability (Server Side Request Forgery) with a CVSS value of 7.2 could allow attackers to access internal systems via detours.

Recommendation: Anyone still using old firmware versions should urgently switch to the latest update (12.4.3-02925), which is already available for protection.

⚙️ Attacks on older SonicWall firmware - Danger from outdated systems

Alongside the new warning, there are indications of targeted attacks on outdated SMA models in the 200 and 400 series. Two known vulnerabilities, which have long since been patched, are apparently being actively exploited.

1. Gap (CVE-2024-38475) allows the execution of malicious code under certain conditions - a complete system takeover is possible.
2. Gap (CVE-2023-44221) requires admin rights, but can then be abused via the SSL VPN interface for deeper intrusions.

✅ What admins should do now:

• Update systems immediately
• Check access logs regularly
• Disable unnecessary remote access
• Follow PSIRT recommendations from SonicWall

👉 To the official warning message from SonicWall

Do you need support with updating or checking your security measures? We will be happy to help you - contact us! Interested in a SonicWall project? Simply submit your request using our request form!

Also from SonicWall: How to successfully implement NIS2 for a better cyber security standard.