CISA Flags Actively Exploited SonicWall SMA Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active exploitation.
The flaw, identified as CVE-2021-20035 and rated high severity with a CVSS score of 7.2, involves an operating system command injection vulnerability that can potentially allow attackers to execute arbitrary code.
According to a security advisory issued by SonicWall in September 2021, the vulnerability stems from improper input handling in the SMA100 management interface, allowing a remote authenticated attacker to run arbitrary commands as the low-privilege 'nobody' user, which could lead to full code execution.
The vulnerability affects the following SonicWall devices and versions:
SMA 200, 210, 400, 410, and 500v (ESX, KVM, AWS, Azure)
Versions impacted:
- 10.2.1.0-17sv and earlier (patched in 10.2.1.1-19sv and later)
- 10.2.0.7-34sv and earlier (patched in 10.2.0.8-37sv and later)
- 9.0.0.10-28sv and earlier (patched in 9.0.0.11-31sv and later)
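A check of inventory firmware strings against the fixed builds listed above, as an added example that is not from SonicWall or CISA. It assumes versions are reported in the `a.b.c.d-NNsv` form shown on this page and that each of the three listed trains is compared only against its own fixed build; the host names and sample inventory are constructed, and trains not listed here are reported as unknown rather than guessed.

```python
import re

# Fixed builds per firmware train, from the version list above.
# Key: first three components; value: first patched (a, b, c, d, build).
FIXED = {
    (10, 2, 1): (10, 2, 1, 1, 19),
    (10, 2, 0): (10, 2, 0, 8, 37),
    (9, 0, 0): (9, 0, 0, 11, 31),
}

# Assumed format, as printed on this page: 10.2.1.0-17sv
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Return (a, b, c, d, build) as ints, or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(text):
    """Classify one firmware string against the fixed builds."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(version[:3])
    if fixed is None:
        return "unknown"  # train not listed on this page; do not guess
    # Integer tuples compare numerically, so 9.0.0.9 sorts before 9.0.0.11
    # (a plain string comparison would get that wrong).
    return "vulnerable" if version < fixed else "patched"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names and versions are placeholders).
SAMPLE_INVENTORY = {
    "sma-a.example": "10.2.1.0-17sv",
    "sma-b.example": "10.2.0.8-37sv",
    "sma-c.example": "9.0.0.9-26sv",
    "sma-d.example": "8.5.0.1-1sv",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Anything reported as `unknown` or `unparseable` needs a manual check against the vendor advisory rather than being treated as patched.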
While technical details on how the vulnerability is being exploited remain unclear, SonicWall has updated its advisory to confirm the flaw is "potentially being exploited in the wild."
CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies implement the required patches and mitigations by May 7, 2025, to defend against active threats targeting their networks.