
CVE-2021-20035 - SonicWall SMA100 Appliances OS Command Injection Vulnerability

Project: SonicWall

Product: SMA100 Appliances

Date Added: 2025-04-16

Due Date: 2025-05-07

Vulnerability Name

SonicWall SMA100 Appliances OS Command Injection Vulnerability

Description

SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022

https://nvd.nist.gov/vuln/detail/CVE-2021-20035

Related News Articles

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices - July 24, 2025

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit - July 17, 2025

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware - July 16, 2025

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit - July 16, 2025

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root - May 8, 2025