NewsSecurity Vulnerabilities

SonicWall Authenticated SMA100 Arbitrary Command Injection Vulnerability Is Been Exploited (CVE-2021-20035)

CVE number – CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to code execution.

This vulnerability is potentially being exploited in the wild.

Affected Versions

9.0.0.10-28sv and earlier

10.2.0.7-34sv and earlier

10.2.1.0-17sv and earlier

Further information – https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.