Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
SonicWall Urges Patch for Critical SMA 1000 Vulnerabilities

SonicWall Urges Patch for Critical SMA 1000 Vulnerabilities

Posted on July 15, 2026 By CWS

SonicWall has issued an urgent alert regarding the active exploitation of two significant zero-day vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances. These vulnerabilities present serious security risks, with one enabling arbitrary command execution by attackers.

Details of the Vulnerabilities

The two vulnerabilities are identified as CVE-2026-15409 and CVE-2026-15410. The first, with a critical CVSS score of 10.0, is a server-side request forgery (SSRF) flaw. It can allow a remote, unauthenticated attacker to manipulate the appliance into making unauthorized requests. The second, with a CVSS score of 7.2, involves post-authentication code injection within the Appliance Management Console (AMC), potentially allowing an authenticated attacker to execute system commands with administrative privileges.

Immediate Patch Deployment Recommended

SonicWall has confirmed multiple exploitations of these vulnerabilities and strongly advises customers to implement the available patches without delay. The necessary updates are included in the platform-hotfix versions 12.4.3-03453 and 12.5.0-02835, along with their subsequent releases. Additionally, SonicWall recommends conducting comprehensive forensic analyses to identify any indicators of compromise (IoCs) that may suggest exploitation.

Indicators of Compromise and Remediation Steps

Key indicators of compromise include specific log entries and configuration changes. These include requests in the extraweb_access.log to /__api__/login or /__api__/logout with a 200 HTTP status, and suspicious host parameters in /wsproxy requests with a 101 HTTP status. If any IoCs are detected, re-imaging physical devices, redeploying virtual appliances, resetting passwords, and updating time-based one-time password tokens are advised.

The vulnerabilities were identified by SonicWall’s Product Security Incident Response Team (PSIRT), led by Adam Babis, with additional contributions from Volexity’s Sean Koessel and Steven Adair, who aided in uncovering further IoCs.

Broader Security Implications

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reacted to the discovery by adding these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action mandates Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches by July 17, 2026, underscoring the critical nature of these security flaws.

The swift response from SonicWall and ongoing updates highlight the importance of proactive security measures and timely patch management in safeguarding enterprise networks against emerging threats.

The Hacker News Tags:CISA, CVE-2026-15409, CVE-2026-15410, cyber threat, Cybersecurity, enterprise security, forensic analysis, patch update, PSIRT, SMA 1000, SonicWall, zero-day vulnerabilities

Post navigation

Previous Post: Microsoft Patches Critical Active Directory Vulnerability
Next Post: Critical Security Updates for Notepad++ to Block Exploits

Related Posts

OXLOADER Exploits Malicious Ads to Spread CastleStealer OXLOADER Exploits Malicious Ads to Spread CastleStealer The Hacker News
Microsoft Alerts on OAuth Redirect Exploitation in Phishing Attacks Microsoft Alerts on OAuth Redirect Exploitation in Phishing Attacks The Hacker News
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware The Hacker News
CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers The Hacker News
How to Automate CVE and Vulnerability Advisory Response with Tines How to Automate CVE and Vulnerability Advisory Response with Tines The Hacker News
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Security Updates for Notepad++ to Block Exploits
  • SonicWall Urges Patch for Critical SMA 1000 Vulnerabilities
  • Microsoft Patches Critical Active Directory Vulnerability
  • SonicWall Urges Immediate Update for SMA Zero-Day Flaws
  • Windows BitLocker Vulnerability Poses Security Risks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Security Updates for Notepad++ to Block Exploits
  • SonicWall Urges Patch for Critical SMA 1000 Vulnerabilities
  • Microsoft Patches Critical Active Directory Vulnerability
  • SonicWall Urges Immediate Update for SMA Zero-Day Flaws
  • Windows BitLocker Vulnerability Poses Security Risks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark