Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Enterprise Asset Management Policy Template for the CIS Controls v8.1 (French)

    July 14, 2026

    Spanish Police take down €140 million cyber fraud ring, arrest four

    July 14, 2026

    SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

    July 14, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
    News

    SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

    adminBy adminJuly 14, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    SonicWall

    SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.

    CVE-2026-15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.

    CVE-2026-15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands.

    image

    While CVE-2026-15410 requires administrator privileges, SonicWall assigned the advisory an overall CVSS score of 10.0.

    SonicWall says it investigated multiple incidents and confirmed that both vulnerabilities are being actively exploited.

    “SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory,” SonicWall warned.

    “Customers are strongly urged to upgrade to the hotfix release as soon as possible to remediate these vulnerabilities”

    However, the company has not disclosed whether attackers are chaining them together. BleepingComputer has contacted SonicWall to clarify the attacks and will update this story if we receive a response.

    The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800.  Fixes are available in platform-hotfix versions 12.4.3-03453 and 12.5.0-02835, and later releases. 

    SonicWall says the vulnerabilities do not impact SSL-VPN running on SonicWall firewalls or the SMA 100 Series product line.

    The company also shared indicators of compromise (IOCs) that administrators can use to determine whether an appliance has been compromised:

    • if in extraweb_access.log are mentioned requests to /__api__/login or /__api__/logout with HTTP 200 status
    • if in extraweb_access.log are mentioned requests to /wsproxy with suspicious host parameters with 101 HTTP status
    • if in ctrl-service.log are mentioned hotfix rollbacks with path traversal names
    • if /var/lib/unit/conf.json contains routes for /__api__/login or /__api__/logout (these URIs do not exist in legitimate configuration)

    SonicWall strongly recommends upgrading to the latest hotfix release and performing an analysis to determine if any of the above IOCs are present.

    If a device is found to be compromised, the company advises administrators to re-image physical appliances or redeploy virtual appliances, change all user and administrator passwords, and reset TOTP tokens.

    SonicWall also notes that there are no workarounds or mitigations for these flaws other than installing the hotfixes.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming they are being actively exploited in attacks.

    Federal agencies have until July 17, 2026, to secure affected systems under Binding Operational Directive (BOD) 26-04 or discontinue use of the product if mitigations cannot be applied.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleNearly 300 GitHub repos pose as legit software to push malware
    Next Article Spanish Police take down €140 million cyber fraud ring, arrest four
    admin
    • Website

    Related Posts

    News

    Enterprise Asset Management Policy Template for the CIS Controls v8.1 (French)

    July 14, 2026
    News

    Spanish Police take down €140 million cyber fraud ring, arrest four

    July 14, 2026
    News

    Nearly 300 GitHub repos pose as legit software to push malware

    July 14, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Enterprise Asset Management Policy Template for the CIS Controls v8.1 (French)

    July 14, 2026

    Spanish Police take down €140 million cyber fraud ring, arrest four

    July 14, 2026

    SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

    July 14, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.