CVE-2021-20028

Name of the Vulnerable Software and Affected Versions SonicWall Secure Remote Access (SRA) appliances versions 8.x through 9.0.0.9-26sv

Description The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secure Remote Access (SRA) products. The exploitation of this vulnerability may allow a remote attacker to execute arbitrary SQL queries.

Recommendations For SRA appliances running versions 8.x through 9.0.0.9-26sv, as a temporary workaround, consider disabling the SQL query execution functionality until a patch is available. Restrict access to the SQL database to minimize the risk of exploitation. Avoid using vulnerable SQL commands in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.