SonicWall SMA VPN devices targeted in attacks since January

Summary: A remote code execution vulnerability (CVE-2021-20035) affecting SonicWall Secure Mobile Access (SMA) appliances has been found to be actively exploited since January 2025, contrary to previous assessments that primarily deemed it a denial-of-service risk. SonicWall has updated its advisory to reflect the high severity of the flaw, as malicious actors can exploit it to execute arbitrary commands. Cybersecurity firm Arctic Wolf has also reported ongoing attacks utilizing default credentials to target these vulnerable devices.

Affected: SonicWall Secure Mobile Access (SMA) appliances (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)

Key points:

  • The vulnerability allows low-privileged attackers to execute arbitrary code via the SMA100 management interface.
  • CISA has added CVE-2021-20035 to its Known Exploited Vulnerabilities catalog and advised federal agencies to secure their networks.
  • Recommendations include limiting VPN access, enabling multi-factor authentication, and resetting local account passwords.

Source: https://www.bleepingcomputer.com/news/security/sonicwall-sma-vpn-devices-targeted-in-attacks-since-january/