CVE-2021-20035

Name of the Vulnerable Software and Affected Versions SonicWall SMA 100 series appliances SonicWall SMA 200 SonicWall SMA 210 SonicWall SMA 400 SonicWall SMA 410 SonicWall SMA 500v versions prior to the fixed version

Description A command injection flaw exists in the management interface of SonicWall SMA 100 series appliances, and other models (SMA 200, 210, 400, 410, and 500v). This allows a remote, authenticated attacker to inject arbitrary commands as a 'nobody' user, potentially leading to a denial-of-service (DoS) or remote code execution (RCE). The vulnerability is due to improper neutralization of special elements. This issue has been actively exploited since January 2025, with attackers attempting to steal VPN credentials and potentially gain further access to networks. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch by May 7, 2025. The API endpoints and vulnerable parameters were not specified.

Recommendations Apply the security update for SonicWall SMA 100 series appliances. Apply the security update for SonicWall SMA 200. Apply the security update for SonicWall SMA 210. Apply the security update for SonicWall SMA 400. Apply the security update for SonicWall SMA 410. Apply the security update for SonicWall SMA 500v.