U.S. CISA Adds SonicWall SMA100 Appliance Flaw to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a crucial step in protecting the nation's networks by adding a critical vulnerability in the SonicWall SMA100 Appliance to its Known Exploited Vulnerabilities catalog. The move comes as part of CISA's efforts to inform federal agencies, private organizations, and individuals about known exploits that can compromise their security.
The vulnerability, tracked as CVE-2021-20035, is an OS command injection vulnerability in the SMA100 management interface. According to CISA, a remote authenticated attacker can exploit this flaw to inject arbitrary commands as the 'nobody' user, which could potentially lead to arbitrary code execution. In other words, an attacker who already holds valid credentials but only low privileges can still run code on the affected appliance.
"Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to code execution," reads the advisory. This vulnerability is being actively exploited in the wild, and CISA warns that it poses a significant risk to networks.
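The advisory's wording, "improper neutralization of special elements", is the generic description of OS command injection (CWE-78): untrusted input is spliced into a command line that a shell later interprets. The following is an added illustration written for this page, not SonicWall's code and not the SMA100 vulnerability itself; the diagnostic "ping" handler, the hostname allowlist pattern and the sample inputs are all assumptions constructed to show the vulnerable pattern next to its hardened form.

```python
import re
import shlex
import subprocess

# Strict allowlist for a hostname argument (assumption: only DNS-style names are valid input).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def is_safe_hostname(host: str) -> bool:
    """Return True only if the input contains nothing but allowlisted characters."""
    return HOSTNAME_RE.fullmatch(host) is not None


def build_ping_command_vulnerable(host: str) -> str:
    """Vulnerable pattern (illustration only): the input is concatenated into a single
    string that would be handed to /bin/sh, so shell metacharacters such as ';', '|',
    '&' or '$(...)' are interpreted by the shell rather than treated as data."""
    return f"ping -c 1 {host}"


def build_ping_command_hardened(host: str) -> list:
    """Hardened form: validate against an allowlist, then build an argv list so the
    value is passed to the program as exactly one argument and no shell is involved."""
    if not is_safe_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["ping", "-c", "1", host]


def quote_for_shell(host: str) -> str:
    """Fallback when a shell cannot be avoided: shlex.quote neutralises metacharacters.
    Allowlisting plus argv (above) remains the preferred fix."""
    return "ping -c 1 " + shlex.quote(host)


def run_diagnostic(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened command with shell=False (not exercised by the tests)."""
    return subprocess.run(build_ping_command_hardened(host), capture_output=True,
                          text=True, check=False, timeout=5)


if __name__ == "__main__":
    # Constructed inputs: one benign hostname, one carrying a shell metacharacter.
    for sample in ("host.example", "host.example; echo injected"):
        print("vulnerable :", build_ping_command_vulnerable(sample))
        print("safe input :", is_safe_hostname(sample))
```

The vulnerable builder passes the second sample through untouched, so a shell would run the text after `;` as a separate command; the hardened builder rejects it before anything is executed, and for accepted values it never invokes a shell at all.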
The affected versions of SonicWall SMA100 Appliance are 9.0.0.10-28sv and earlier, 10.2.0.7-34sv and earlier, and 10.2.1.0-17sv and earlier. As part of its Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have a deadline to address this identified vulnerability by May 7, 2025.
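A defender's first task with a KEV entry is to find which appliances in inventory fall inside the affected ranges. The following added example, not code from SonicWall or CISA, parses SMA100 version strings of the form seen in the advisory (`10.2.1.0-17sv`) and compares them against the three ceilings the article lists. It assumes each listed ceiling applies to its own release branch (9.0.0.x, 10.2.0.x, 10.2.1.x) and reports any other branch as unknown rather than guessing; the inventory records are constructed sample data.

```python
import re
from typing import Dict, List, Optional, Tuple

# Version strings look like "10.2.1.0-17sv": dotted release numbers, then a "-NNsv" build.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$")

# Highest affected build per release branch, exactly as listed in the advisory text.
# Assumption: each ceiling bounds only its own branch (first three numbers).
LAST_AFFECTED: Dict[Tuple[int, ...], str] = {
    (9, 0, 0): "9.0.0.10-28sv",
    (10, 2, 0): "10.2.0.7-34sv",
    (10, 2, 1): "10.2.1.0-17sv",
}


def parse_sma_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Split '10.2.1.0-17sv' into ((10, 2, 1, 0), 17) so tuples compare numerically."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised SMA100 version string: {text!r}")
    release = tuple(int(part) for part in match.group(1).split("."))
    return release, int(match.group(2))


def is_affected(version: str) -> Optional[bool]:
    """True if the version is at or below its branch ceiling, False if newer,
    None if the branch is not one the advisory names."""
    release, build = parse_sma_version(version)
    branch = release[:3]
    if branch not in LAST_AFFECTED:
        return None
    ceiling = parse_sma_version(LAST_AFFECTED[branch])
    return (release, build) <= ceiling


def triage(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Bucket inventory records by exposure so each group can be actioned separately."""
    buckets: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for record in inventory:
        verdict = is_affected(record["version"])
        key = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        buckets[key].append(record["host"])
    return buckets


# Constructed sample inventory (hostnames and versions are illustrative, not real devices).
SAMPLE_INVENTORY = [
    {"host": "sma-branch-01", "version": "10.2.1.0-17sv"},
    {"host": "sma-branch-02", "version": "10.2.1.0-18sv"},
    {"host": "sma-legacy-01", "version": "9.0.0.9-30sv"},
    {"host": "sma-dc-01", "version": "10.2.0.8-1sv"},
    {"host": "sma-lab-01", "version": "11.0.0.1-1sv"},
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:13s}: {', '.join(hosts) or '-'}")
```

Comparing tuples rather than strings matters here: a plain string comparison would rank `9.0.0.9-30sv` above `9.0.0.10-28sv` and miss an exposed appliance. Anything the function reports as unknown should be checked against the vendor advisory by hand rather than assumed safe.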
Experts recommend that private organizations review the CISA catalog and take immediate action to patch their infrastructure against this exploit. With the rise in cyber threats, it is essential for organizations of all sizes to stay vigilant and proactive in protecting their networks.
CISA has added another set of vulnerabilities to its Known Exploited Vulnerabilities catalog in recent days. The new additions include Linux kernel flaws tracked as CVE-2024-53197 and CVE-2024-53150, a Gladinet CentreStack flaw tracked as CVE-2025-30406, and a Microsoft Windows Common Log File System (CLFS) Driver flaw tracked as CVE-2025-29824. These updates highlight the ongoing threat landscape and emphasize the importance of staying informed about known exploits.