{"id":10926,"date":"2025-07-25T11:51:03","date_gmt":"2025-07-25T17:51:03","guid":{"rendered":"https:\/\/beaconlab.us\/?post_type=publicacion&#038;p=10926"},"modified":"2025-07-25T11:51:37","modified_gmt":"2025-07-25T17:51:37","slug":"alerta-2025-65-vulnerabilidad-grave-en-sonicwall-sma-serie-100","status":"publish","type":"publicacion","link":"https:\/\/beaconlab.us\/es\/publicacion\/alerta-2025-65-vulnerabilidad-grave-en-sonicwall-sma-serie-100\/","title":{"rendered":"Alerta 2025-65 Vulnerabilidad Grave en SonicWall SMA Serie 100"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Producto(s) afectado(s):&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SonicWall Secure Mobile Access (SMA) Serie 100<\/li>\n\n\n\n<li>Modelos: SMA 210, SMA 410, SMA 500v<\/li>\n\n\n\n<li>Versiones: 10.2.1.15-81sv y anteriores<\/li>\n<\/ul>\n\n\n\n<p><em>Esta vulnerabilidad no afecta a los productos de la serie SonicWall SSL VPN SMA1000 ni a SSL-VPN que se ejecutan en firewalls SonicWall.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Descripci\u00f3n<\/h2>\n\n\n\n<p>Se ha identificado una <strong>vulnerabilidad cr\u00edtica<\/strong> (CVE-2025-40599) en la interfaz de administraci\u00f3n web de los dispositivos SonicWall SMA 100.<br>Esta falla permite a un atacante con privilegios administrativos <strong>subir archivos maliciosos<\/strong> al dispositivo, lo que podr\u00eda llevar a una <strong>ejecuci\u00f3n remota de c\u00f3digo (RCE)<\/strong>.<\/p>\n\n\n\n<p>Aunque <strong>no se ha confirmado su explotaci\u00f3n activa<\/strong>, existe riesgo elevado debido a recientes ataques que, se sospechan, aprovecharon otras fallas anteriores y as\u00ed como tambi\u00e9n <strong>credenciales robadas<\/strong> para comprometer dispositivos SMA 100 que hab\u00edan estado completamente parcheados para implantar backdoors (\u201cpuertas traseras\u00bb).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Soluci\u00f3n:<\/h2>\n\n\n\n<p><strong>Actualizar inmediatamente<\/strong> los dispositivos a la versi\u00f3n <strong>10.2.2.1-90sv o superior<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Informaci\u00f3n adicional:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0014\">https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0014<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/sonicwall-secure-mobile-access-exploitation-overstep-backdoor\">https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/sonicwall-secure-mobile-access-exploitation-overstep-backdoor<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.securityweek.com\/sonicwall-patches-critical-sma-100-vulnerability-warns-of-recent-malware-attack\/\">https:\/\/www.securityweek.com\/sonicwall-patches-critical-sma-100-vulnerability-warns-of-recent-malware-attack\/<\/a><\/li>\n<\/ul>\n","protected":false},"featured_media":10927,"template":"","class_list":["post-10926","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry"],"acf":{"activar_pdf_link":false,"pdf":null,"numero_de_boletin":"","traffic_light_protocol":"Amber"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/types\/publicacion"}],"version-history":[{"count":2,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10926\/revisions"}],"predecessor-version":[{"id":10930,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10926\/revisions\/10930"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media\/10927"}],"wp:attachment":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media?parent=10926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}