CyberSecurity news
info@thehackernews.com (The Hacker News)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-20035, a high-severity vulnerability affecting SonicWall SMA100 series appliances, to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, an OS command injection vulnerability in the SMA100 management interface, allows remote attackers to execute arbitrary code. CISA issued the alert on April 16, 2025, based on evidence of active exploitation in the wild. SonicWall originally disclosed the vulnerability in September 2021 and has since updated its advisory to note that the flaw has reportedly been exploited in the wild; it also updated the summary and revised the CVSS score to 7.2.
The vulnerability, tracked as CVE-2021-20035, stems from improper neutralization of special elements in the SMA100 management interface. Specifically, a remote authenticated attacker can inject arbitrary commands as a 'nobody' user, potentially leading to code execution. The affected SonicWall devices include SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v appliances running specific firmware versions.
CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations by May 7, 2025, to protect their networks from this actively exploited vulnerability. Remediation steps include applying the latest security patches provided by SonicWall to all affected SMA100 appliances and restricting management interface access to trusted networks. CISA strongly advises all organizations, including state, local, tribal, and territorial governments and private sector entities, to prioritize remediation of this cataloged vulnerability to enhance their cybersecurity posture.