SonicWall Confirms Active Exploitation of Two Security Flaws in SMA100 Devices

SonicWall has confirmed that two security vulnerabilities, now patched, affecting its SMA100 Secure Mobile Access (SMA) appliances have been actively exploited. The vulnerabilities in question are CVE-2023-44221 (CVSS score: 7.2), which allows a remote authenticated attacker with administrative privileges to exploit improper neutralization of special elements in the SSL-VPN management interface of SMA100. The technical details and real impacts are not specified in the article.