Old SonicWall Vulnerability Resurfaces in Active Attacks

An older vulnerability in SonicWall’s SMA100 remote-access appliances has been actively exploited, prompting renewed attention from cybersecurity authorities, Cybersecurity Dive reports. The flaw, tracked as CVE-2021-20035, was first disclosed and patched in 2021 but has reemerged in real-world attacks. This week, the Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity issue to its Known Exploited Vulnerabilities (KEV) catalog, urging swift action from federal agencies.

The vulnerability results from improper handling of special characters in the SMA100 management interface. If exploited, attackers can remotely inject commands as a low-privileged user, opening the door to potential code execution. Originally considered medium in severity, the flaw was later reassessed by SonicWall with a higher score of 7.2 on the CVSS scale. The window for federal agencies to patch or discontinue use of unmitigated devices closes on May 7, per CISA guidance.

Security researchers have observed increased interest from threat actors in exploiting edge devices, including VPNs and firewalls, which serve as critical entry points to enterprise networks. SonicWall appliances have frequently appeared in threat intelligence reports, with both cybercriminals and nation-state actors targeting known weaknesses. A similar pattern emerged earlier this year when another SonicWall vulnerability, CVE-2024-53704, was flagged for public exposure.

The resurgence of CVE-2021-20035 underscores the long tail of risk associated with unpatched devices. Despite being disclosed years ago, the flaw remains a threat where older firmware is still in use. Organizations are being urged to update to the latest firmware versions and maintain strong patch management practices to stay ahead of exploitation trends.
