Security News > 2021 > February > SonicWall Patches SMA Zero-Day Vulnerability Exploited in Attacks
SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access 100 series appliances to patch an actively exploited zero-day vulnerability.
Which specializes in firewalls and other cybersecurity solutions, previously told SecurityWeek that a few thousand devices are exposed to attacks due to the vulnerability.
The critical patch can be applied to SMA 200, 210, 400 and 410 physical appliances, and SMA 500v virtual appliances on Azure, AWS, ESXi and Hyper-V. Other SonicWall products do not appear to be impacted.
"A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker," reads SonicWall's advisory for CVE-2021-20016.
SonicWall informed customers on January 22 that its internal systems were targeted in an attack apparently launched by sophisticated threat actors that may have exploited zero-day vulnerabilities in the company's secure remote access products.
Until the patches were made available, SonicWall shared some recommendations on how customers can prevent potential attacks, including by enabling multi-factor authentication, blocking access to appliances on the firewall, shutting down vulnerable devices, or downgrading firmware to a version that is not affected.
News URL
Related news
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 9.8 |