US Cybersecurity Agency and US Infrastructure (CISA) added Lack of security affecting safe mobile access Sonicwall (Fat) 100 gateway series to known exploited vulnerabilities (Ship) A catalog based on evidence of active operation.
High-speed vulnerability, tracked as the CVE-2021-20035 (CVSS: 7.2), is due to the case of the operating system injection, which may lead to the code.
“Incorrect neutralization of special elements in the SMA100 control interface allows for remote authentic attackers to enter arbitrary commands as a” no one “that can potentially lead to code,” Sonicwall – Note In a consultation published in September 2021.
Disadvantage consequences SMAs 200, SMA 210, SMA 400, SMA 410 and SMA 500V (ESX, KVM, AWS, Azure) work with the following versions –
- 10.2.1.0-17sv and previously (fixed at 10.2.1.1-19SV and above)
- 10.2.0.7-34SV and previously (fixed at 10.2.0.8-37SV and above)
- 9.0.0.10-28s and previously (fixed in 9.0.0.11-31SV and above)
While the exact details associated with the operation of the CVE-2021-20035, now unknown, Sonicwall has since revised the newsletter to admit that “this vulnerability is potentially used in the wild.”
The Federal Civil Executive Agency (FCEB) agencies must apply the necessary softening by May 7, 2025 to provide their networks from active threats.
