Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113877620549384238">screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 23-Jan-2025 21:21:41 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20250102170004.webp" width="48" height="48" alt="screaminggoat" style="position: absolute; left: 0; top: 0;">screaminggoat</a><div><ul><li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li><li><a href="https://gnusocial.jp/user/161036" title="cr0w@infosec.exchange">cR0w :cascadia:</a></li></ul></div></section><article><p>SonicWall exploited zero-day: <a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002" rel="nofollow">SMA1000 Pre-Authentication Remote Command Execution Vulnerability</a><br>CVE-2025-23006 (9.8 critical) Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.</p><p>IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors</p><p>cc: <a href="https://a.gup.pe/u/goatyell" rel="nofollow">@goatyell</a> <a href="https://infosec.exchange/@cR0w">@cR0w</a> <a href="https://cyberplace.social/@GossiTheDog" rel="nofollow">@GossiTheDog</a> <a href="https://infosec.exchange/@briankrebs">@briankrebs</a> </p><p><a href="https://infosec.exchange/tags/zeroday" rel="tag">#zeroday</a> <a href="https://infosec.exchange/tags/CVE_2025_23006" rel="tag">#CVE_2025_23006</a> <a href="https://infosec.exchange/tags/sonicwall" rel="tag">#sonicwall</a> <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/CVE" rel="tag">#CVE</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/eitw" rel="tag">#eitw</a> <a href="https://infosec.exchange/tags/activeexploitation" rel="tag">#activeexploitation</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4431777#notice-8670714">In conversation</a><time datetime="2025-01-23T21:21:41+09:00" title="Thursday, 23-Jan-2025 21:21:41 JST">about 4 months ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113877620549384238" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113877620549384238">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 23-Jan-2025 21:21:41 JSTscreaminggoat
SonicWall exploited zero-day: SMA1000 Pre-Authentication Remote Command Execution Vulnerability
CVE-2025-23006 (9.8 critical) Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors
cc: @goatyell @cR0w @GossiTheDog @briankrebs
#zeroday #CVE_2025_23006 #sonicwall #vulnerability #CVE #infosec #cybersecurity #eitw #activeexploitation
In conversationabout 4 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice