CISA Warns of Actively Exploited Vulnerability in SonicWall SMA Devices
Date: April 17, 2025
Category: Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has categorized a significant security flaw affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways as a Known Exploited Vulnerability (KEV) due to ongoing active exploitation. This high-severity vulnerability, identified as CVE-2021-20035 (CVSS score: 7.2), involves an operating system command injection that may allow for unauthorized code execution.
According to SonicWall’s advisory from September 2021, “improper neutralization of special elements in the SMA100 management interface permits a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, potentially leading to code execution.”
The vulnerability impacts the following models: SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) running specific versions—10.2.1.0-17sv and earlier (patched in 10.2.1.1-19sv and higher), 10.2.0.7-34sv and earlier (patched in 10.2.0.8-37sv and higher), and 9.0…