Security News > 2025 > April > CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
2025-04-17 05:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection


News URL

https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-20035 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
network
low complexity
sonicwall CWE-78
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 121 0 41 74 41 156
SMA 44 0 1 9 8 18