CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

Apr 17, 2025 | Ravie Lakshmanan | Vulnerability / Network Security


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Wednesday an addition to the Known Exploited Vulnerabilities catalog, highlighting a security flaw affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways that is actively being exploited.

The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), is an operating system command injection flaw that could lead to code execution.

“A remote authenticated attacker could inject arbitrary commands as a ‘nobody’ user due to improper neutralization of special elements in the SMA100 management interface, potentially resulting in code execution,” SonicWall stated in an advisory released in September 2021.

The vulnerability impacts various SMA devices, including SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) running specific versions:

  • 10.2.1.0-17sv and earlier (Fixed in 10.2.1.1-19sv and higher)
  • 10.2.0.7-34sv and earlier (Fixed in 10.2.0.8-37sv and higher)
  • 9.0.0.10-28sv and earlier (Fixed in 9.0.0.11-31sv and higher)

Although the exact details of the exploitation are not fully known, SonicWall has updated the bulletin to acknowledge the potential exploitation of CVE-2021-20035 in the wild.

Federal Civilian Executive Branch (FCEB) agencies are required to implement necessary mitigations by May 7, 2025, to protect their networks against active threats.
