CISA Warns of Active Exploitation of SonicWall SMA Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 Series devices to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The flaw, tracked as CVE-2021-20035 and carrying a CVSS score of 7.2, is a high-severity command injection vulnerability. It allows remote, authenticated attackers to execute arbitrary commands on an affected device, potentially leading to full code execution.

“Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user,” SonicWall explained in an advisory originally issued in September 2021.

While technical specifics of the current exploitation remain unclear, SonicWall has updated its advisory to confirm that “this vulnerability is potentially being exploited in the wild.”

In response, CISA is requiring Federal Civilian Executive Branch (FCEB) agencies to implement the necessary mitigations no later than May 7, 2025, to prevent further compromise and secure federal systems from active threats.