PT-2021-2884 · Sonicwall · Sonicwall Sma100 Sslvpn
Published: 2021-01-23 · Updated: 2025-11-21
CVE-2021-20016
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SonicWall SSLVPN SMA100 versions 10.x
Description
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability. It allows a remote unauthenticated attacker to perform SQL queries to access sensitive information, including usernames and passwords. The vulnerability is due to the lack of protection against attacks that alter the structure of a SQL query.
Recommendations
For SonicWall SSLVPN SMA100 versions 10.x, update to a version that includes a fix for this SQL Injection vulnerability. As a temporary workaround, consider restricting access to the SQL query functionality until a patch is available.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Sonicwall Sma100 Sslvpn