defense · TheHackerNews
SonicWall has disclosed active exploitation of two zero-day vulnerabilities affecting Secure Mobile Access (SMA) 1000 series appliances. CVE-2026-15409 is a server-side request forgery (SSRF) flaw with a CVSS score of 10.0 that allows unauthenticated remote attackers to cause the appliance to make unintended requests. CVE-2026-15410 is a post-authentication code injection vulnerability (CVSS 7.2) in the Appliance Management Console enabling authenticated attackers to execute arbitrary operating system commands with administrator privileges under certain conditions. SonicWall has released patches in versions 12.4.3-03453 and 12.5.0-02835 and recommends forensic analysis for indicators of compromise, including suspicious API login requests, WebSocket proxy activity, hotfix rollbacks, and unauthorized configuration routes. CISA has added both flaws to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to patch by July 17, 2026.
Defense contractors and organizations operating SMA 1000 appliances as remote access infrastructure should prioritize immediate patching to protect controlled unclassified information (CUI) and comply with NIST 800-171 requirements on vulnerability management and system monitoring. SaaS and healthcare providers relying on SonicWall appliances for secure remote administration should treat this as a critical remediation task under SOC2 Type II controls and HIPAA security requirements, respectively. Organizations unable to patch immediately should implement forensic checks for the documented indicators of compromise and consider re-imaging or redeploying affected appliances; an Omniware engagement can scope detection and response capabilities in detail.
Source: The Hacker News - https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html
Source: TheHackerNews
All briefings