Actively Exploited SonicWall VPN Vulnerability Demands Urgent Federal Action

Overview of the SonicWall VPN Security Breach

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-alert warning to federal agencies, advising immediate reinforcement of their SonicWall Secure Mobile Access (SMA) 100 series appliances. These devices are currently vulnerable to a high-severity remote code execution flaw, identified as CVE-2021-20035.

Details of the Vulnerability

This security flaw affects the SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v across multiple platforms (ESX, KVM, AWS, Azure). Caused by improper neutralization of special elements in the SMA100's management interface, it allows low-privilege remote threat actors to execute arbitrary code in attacks of minimal complexity.

SonicWall originally patched the vulnerability in September 2021, when it was treated as a potential denial-of-service (DoS) issue. The advisory was updated recently to indicate exploitation in the wild and an expanded risk that includes code execution.

Updated Advisory and Exploit in the Wild

SonicWall's updated CVE-2021-20035 security advisory now carries a revised CVSS score of 7.2 and states that the flaw is being actively exploited in ongoing attacks. The update emphasizes the urgent need for network defenders to deploy the necessary patches to avoid potential breaches.

Imperative Actions and Compliance Deadlines

Under CISA's Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must secure their networks against this vulnerability by May 7th. Although the directive specifically targets U.S. federal agencies, all network defenders should prioritize remediation efforts.

System Vulnerabilities and Update Requirements

  • Product: SMA 100 Series
  • Platforms: SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)
  • Impacted Versions: Versions older than 10.2.1.1-19sv, 10.2.0.8-37sv, 9.0.0.11-31sv
  • Fixed Versions: 10.2.1.1-19sv and higher, depending on the specific model
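
The following is an added example, not SonicWall or CISA tooling: it triages an appliance inventory against the three version thresholds listed above. It assumes firmware strings use the A.B.C.D-NNsv form shown on this page and that the first three fields select which threshold applies; anything else is sent to manual review. Hostnames and sample versions are constructed.

```python
import re

# Fixed builds as listed on this page, keyed by release branch.
# Assumption of this example: the first three fields identify the branch.
FIXED = {
    (10, 2, 1): (10, 2, 1, 1, 19),   # 10.2.1.1-19sv
    (10, 2, 0): (10, 2, 0, 8, 37),   # 10.2.0.8-37sv
    (9, 0, 0): (9, 0, 0, 11, 31),    # 9.0.0.11-31sv
}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Parse 'A.B.C.D-NNsv' into a tuple of five ints, or return None."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'review' for one firmware string."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "review"          # unparseable string: check by hand
    fixed = FIXED.get(parsed[:3])
    if fixed is None:
        return "review"          # branch not named on the page
    # Integer tuple comparison, so 9.0.0.9 sorts before 9.0.0.11
    # (a plain string comparison would get this wrong).
    return "vulnerable" if parsed < fixed else "fixed"


def triage(inventory):
    """Classify (hostname, firmware) pairs, most urgent rows first."""
    order = {"vulnerable": 0, "review": 1, "fixed": 2}
    rows = [(host, fw, classify(fw)) for host, fw in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory for illustration only.
SAMPLE = [
    ("sma-hq-01", "10.2.1.1-19sv"),
    ("sma-branch-02", "9.0.0.9-26sv"),
    ("sma-dr-03", "10.2.0.7-34sv"),
    ("sma-lab-04", "8.1.0.2-14sv"),
]

if __name__ == "__main__":
    for host, fw, status in triage(SAMPLE):
        print(f"{status:<10} {host:<14} {fw}")
```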

Additional Vulnerabilities and Precautionary Measures

Alongside this advisory, SonicWall flagged an actively exploited authentication bypass flaw in its Gen 6 and Gen 7 firewalls last February, as well as a critical vulnerability in SMA1000 secure access gateways that had been exploited in zero-day attacks. This underscores the heightened need for vigilance and prompt action to mitigate evolving cybersecurity threats.

Last Updated: April 17, 2025