SonicWall Security Flaw: A Comedy of Errors in Code Execution!

CISA adds a security flaw in SonicWall SMA 100 Series to its Known Exploited Vulnerabilities catalog. The vulnerability, CVE-2021-20035, allows remote attackers to inject commands, potentially leading to code execution. Federal agencies have until May 2025 to apply fixes and protect against this high-severity risk.

3P
Published: April 17, 2025 5:57 amAdded: April 16, 2025 at 11:16 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like SonicWall’s SMA 100 Series gateways took the “remote work” concept a bit too seriously, allowing remote code execution as a ‘nobody’. Now, thanks to CISA, they’re getting a crash course in cybersecurity etiquette.

Key Points:

  • High-severity flaw in SonicWall SMA 100 Series gateways added to CISA’s KEV catalog.
  • Vulnerability CVE-2021-20035 allows OS command injection, leading to potential code execution.
  • Impacts multiple SMA models and software versions; patches are already available.
  • Exploitation details are few, but SonicWall confirms active attempts in the wild.
  • FCEB agencies have until May 7, 2025, to patch up or face the cyber consequences.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?