According to researchers, threat actors are actively targeting a critical flaw in SonicWall’s Secure Mobile Access (SMA) gateways. The vulnerabilities were first seen in December 2021, and a patch was issued following their release. SonicWall addressed two critical stack-based buffer overflow vulnerabilities, tracked as CVE-2021-20038 and CVE-2021-20045. A remote attacker can trigger these vulnerabilities to potentially execute code as the ‘nobody’ user on compromised appliances. CVE-2021-20038 impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the Web Application Firewall (WAF) is enabled.
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman
About this Student Research Project
Binary Defense’s mission is