SonicWall SMA1000 zero-days are actively exploited in ransomware attacks
SonicWall disclosed that attackers are actively exploiting two zero-day vulnerabilities in its SMA1000 appliance line, and one of the flaws is a critical SSRF issue that can be used by unauthenticated remote attackers. The second flaw allows authenticated command injection, which means a successful compromise can move from initial access to full system control. Reporting tied the exploitation to INC ransomware activity, highlighting that the bugs are not just theoretical but part of real intrusion campaigns. This matters because SMA appliances sit on the network edge and are often trusted gateways into internal environments. Once compromised, they can provide powerful footholds into enterprise networks and potentially expose sensitive internal traffic. Organizations using affected SonicWall products need to patch quickly and review for signs of prior compromise.
Sources
- Inc Ransomware Exploits SonicWall SMA Zero-Days — Dark Reading
- SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now — /r/cybersecurity
- U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog — Security Affairs


Leave a Reply