The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection that could result in code execution.
“Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to code execution,” SonicWall said in an advisory released in September 2021.
The flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices running the following versions –
- 10.2.1.0-17sv and earlier (Fixed in 10.2.1.1-19sv and higher)
- 10.2.0.7-34sv and earlier (Fixed in 10.2.0.8-37sv and higher)
- 9.0.0.10-28sv and earlier (Fixed in 9.0.0.11-31sv and higher)
While the exact details surrounding the exploitation of CVE-2021-20035 are presently unknown, SonicWall has since revised the bulletin to acknowledge that “this vulnerability is potentially being exploited in the wild.”
Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by May 7, 2025, to secure their networks against active threats.
