WARNING: CRITICAL RCE VULNERABILITY IN SONICWALL SMA1000 APPLIANCE MANAGEMENT CONSOLE IS ACTIVELY EXPLOITED, PATCH IMMEDIATELY!

Published: 23/01/2025

Reference:
Advisory #2025-19

Version:
1.1

Affected software:
SonicWall SMA1000 Appliance Management Console 12.4.3-02854

Type:
Pre-authentication Remote Command Execution

CVE/CVSS:
CVE-2025-23006: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

SonicWall - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002
SonicWall - https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840

Risks

CVE-2025-23006 could enable attackers to completely compromise the device by allowing the execution of arbitrary operating system commands.

SonicWall has revealed that this vulnerability might already be exploited by threat actors. Impact is high on all fronts: confidentiality, integrity and availability.

Update (2025-01-27)
SonicWall confirmed the vulnerability is actively exploited by threat actors.

Description

A vulnerability involving pre-authentication deserialization of untrusted data has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC).

Details have not been disclosed yet, as SonicWall has warned that this vulnerability may already be exploited by threat actors. The company strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address this issue.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

  • Upgrade Immediately: Install version 12.4.3-02854 (platform-hotfix) or later.
  • Restrict Access: Limit AMC and CMC access to trusted sources.
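
To triage an appliance inventory against the fixed release named above, the following check can be used. It is an added example, not code from SonicWall or the CCB. It assumes versions are reported as major.minor.patch-build and order numerically field by field; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed release named in this advisory: 12.4.3-02854 (platform-hotfix).
FIXED_VERSION = "12.4.3-02854"

# Assumed version string layout: major.minor.patch-build, build zero-padded.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if unparseable."""
    match = _VERSION_RE.match(text or "")
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(version_text, fixed=FIXED_VERSION):
    """Classify one reported version against the fixed release."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # never treat an unreadable version as patched
    # Assumption: releases order numerically, field by field.
    return "patched" if parsed >= parse_version(fixed) else "vulnerable"


def triage(inventory):
    """Return (name, status) pairs, vulnerable first, then unknown, then patched."""
    order = {"vulnerable": 0, "unknown": 1, "patched": 2}
    results = [(name, classify(version)) for name, version in inventory.items()]
    return sorted(results, key=lambda item: (order[item[1]], item[0]))


# Constructed inventory: hostnames and versions are sample values.
SAMPLE_INVENTORY = {
    "sma-brussels": "12.4.3-02854 (platform-hotfix)",
    "sma-ghent": "12.4.3-02800",
    "sma-liege": "12.4.2-05000",
    "sma-lab": "version unavailable",
    "sma-antwerp": "12.4.4-00010",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY):
        print(f"{status:<10} {name}  {SAMPLE_INVENTORY[name]}")
```

Appliances reported as "unknown" need a manual version check, and a "patched" result says nothing about compromise that occurred before the upgrade.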

Monitor/Detect

The CCB recommends that organizations step up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Security Online - https://securityonline.info/cve-2025-23006-sonicwall-warns-of-active-exploits/