Wednesday, April 16, 2025

CISA Adds SonicWall Vulnerability to KEV Catalog – 4-16-25

Today CISA announced that it had added an OS command injection vulnerability in SonicWall SMA100 appliances to its Known Exploited Vulnerabilities (KEV) catalog. SonicWall disclosed the vulnerability in September 2021. Earlier this week it updated the advisory to state that the vulnerability had reportedly been exploited in the wild, and it also updated the summary and revised the CVSS score to 7.2. The vulnerability was originally reported to SonicWall by Wenxu Yin - Alpha Lab, Qihoo 360 Technology.

CISA is requiring federal agencies using the SMA100 appliances to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” It has set a deadline of May 7th, 2025.
