Attackers are actively exploiting CVE-2021-20035, an old vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. SonicWall has recently updated its security advisory to acknowledge the exploitation of this vulnerability, which was previously only known to lead to denial of service (DoS) attacks but is now recognized as potentially allowing for code execution.
The SonicWall SMA 100 series appliances are designed to provide a secure access gateway for small and medium businesses. The vulnerability, CVE-2021-20035, is a result of improper handling of special elements in the SMA100 management interface, making it possible for remote authenticated attackers to inject arbitrary OS commands as a "nobody" user. This vulnerability impacts specific models within the SMA 100 series, including SMA 200, 210, 400, 410, and 500v for hybrid-cloud deployments. Firmware versions 10.2.1.0-17sv and earlier, 10.2.0.7-34sv and earlier, and 9.0.0.10-28sv and earlier are affected by CVE-2021-20035.
As there are currently no workarounds available to mitigate the risk posed by this vulnerability, administrators are urged to promptly update their appliances to the fixed versions, which include 10.2.1.1-19sv and higher, 10.2.0.8-37sv and higher, and 9.0.0.11-31sv and higher.
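For triaging an appliance inventory against the version ranges above, the following Python sketch classifies firmware strings; it is an added example, not SonicWall code. It assumes that "and earlier" / "and higher" apply within a release train (the first three numeric fields), and the hostnames and inventory are constructed sample data.

```python
import re

# Bounds copied from the article. Key = release train (first three fields,
# an assumption); value = (last affected, first fixed) as (4th field, build).
BOUNDS = {
    (10, 2, 1): ((0, 17), (1, 19)),
    (10, 2, 0): ((7, 34), (8, 37)),
    (9, 0, 0): ((10, 28), (11, 31)),
}
_FW = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def classify(firmware: str) -> str:
    """Return affected / fixed / gap / unlisted / unparsed for one firmware string."""
    m = _FW.match(firmware.strip())
    if not m:
        return "unparsed"      # not in the N.N.N.N-NNsv form used by the article
    a, b, c, d, build = map(int, m.groups())
    bounds = BOUNDS.get((a, b, c))
    if bounds is None:
        return "unlisted"      # train not named in the article: check the advisory
    last_affected, first_fixed = bounds
    if (d, build) <= last_affected:
        return "affected"
    if (d, build) >= first_fixed:
        return "fixed"
    return "gap"               # between the two stated bounds: review manually


def triage(inventory):
    """Map each (host, firmware) pair to its classification."""
    return {host: classify(fw) for host, fw in inventory}


# Constructed sample inventory (hypothetical hostnames).
INVENTORY = [
    ("sma-hq-01", "10.2.1.0-17sv"),
    ("sma-branch-02", "10.2.0.8-37sv"),
    ("sma-lab-03", "9.0.0.9-5sv"),
    ("sma-dr-04", "10.2.1.0-18sv"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Anything reported as `gap`, `unlisted` or `unparsed` falls outside what the article states and should be checked against the vendor advisory directly.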
SonicWall SMA appliances have been frequent targets for attackers due to both known and zero-day vulnerabilities. Earlier this year, threat actors exploited a zero-day vulnerability, CVE-2025-23006, to compromise SonicWall SMA 1000 Series appliances. While both SonicWall and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the exploitation of CVE-2021-20035, details about the specific attacks leveraging this vulnerability have not been disclosed by the company.
