CyberSecurity news
info@thehackernews.com (The Hacker News)
A critical vulnerability, CVE-2021-20035, in SonicWall Secure Mobile Access (SMA) 100 series appliances is under active exploitation, according to recent reports. The vulnerability, which stems from improper neutralization of special elements in the SMA100 management interface, allows attackers to remotely inject arbitrary commands, potentially leading to code execution. This flaw affects SMA100 devices running older firmware, prompting immediate concern and action from cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgency for federal agencies and other organizations to address the issue.
Exploitation of this older SonicWall SMA100 vulnerability has been underway since January 2025, with cybersecurity firm Arctic Wolf tracking a campaign specifically targeting VPN credential access on SonicWall SMA devices. This campaign is believed to be directly related to the CVE-2021-20035 vulnerability. SonicWall itself has acknowledged the active exploitation, with a spokesperson stating that they are actively investigating the scope and details of the attacks. This revelation underscores the increasing trend of threat actors targeting edge devices, such as VPNs and firewalls, to gain unauthorized access.
Given the active exploitation, CISA has mandated that federal civilian executive branch agencies patch their SonicWall appliances, or discontinue their use if mitigations cannot be applied, by May 7. SonicWall urges customers to follow the mitigation steps outlined in its advisory and to upgrade to the latest firmware as a best practice. Because SonicWall vulnerabilities have been a popular target for threat actors in recent years, Cybersecurity Dive notes that patching and timely firmware updates are key to protection.
References:
- Arctic Wolf: Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035
- securityaffairs.com: Attackers exploited SonicWall SMA appliances since January 2025
- The DefendOps Diaries: Understanding and Mitigating the SonicWall SMA Vulnerability
- www.cybersecuritydive.com: Older SonicWall SMA100 vulnerability exploited in the wild
- www.scworld.com: Attacks involving old SonicWall SMA100 vulnerability underway
- arcticwolf.com: Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035
- BleepingComputer: SonicWall SMA VPN devices targeted in attacks since January
- www.helpnetsecurity.com: Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
Classification:
- HashTags: #SonicWall #SMA #Vulnerability
- Company: SonicWall
- Target: SonicWall SMA appliances
- Product: SMA
- Feature: Remote Code Execution
- Type: Vulnerability
- Severity: Major