High Threat Security Alert (A25-04-19): Vulnerability in SonicWall SMA 100 Series Products

Description:

SonicWall released a security advisory to address vulnerability in SMA 100 series products. An attacker could exploit the vulnerability by sending specially crafted requests to an affected system.

Reports indicated that the remote code execution vulnerability (CVE-2021-20035) in SonicWall SMA 100 Series is being exploited in the wild. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• SonicWall SMA 100 series prior to version 9.0.0.10-28sv
• SonicWall SMA 100 series prior to version 10.2.0.7-34sv
• SonicWall SMA 100 series prior to version 10.2.1.0-17sv

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on the affected system.

Recommendation:

Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.sonicwall.com/support/notices/product-notice-arbitrary-command-injection-vulnerability-in-sonicwall-sma-100-series-appliances/250415122607607
• https://www.hkcert.org/security-bulletin/sonicwall-products-multiple-vulnerabilities_20250422
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20035