CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-20016

CVSS 9.8v3.1pub. 2021-02-04upd. 2025-10-31

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma 100

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 100 Firmware

    OS
    Sonicwall
    10.0.0.0 – 10.2.0.5-d-29sv (bez)
  • Sonicwall Sma 200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 200 Firmware

    OS
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 210 Firmware

    OS
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 400

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 400 Firmware

    OS
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 410

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 410 Firmware

    OS
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 500v

    APP
    Sonicwall
    wszystkie wersje

CISA KEV — detailsi

Vendori
SonicWall
Producti
SSLVPN SMA100
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 17 listopada 2021
Tags
SQLiAuth BypassVPN
CWE
References

Related vulnerabilities

CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie

CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...

CVE-2021-20028CRITICAL9.8⚠ KEVten sam produkt

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...

CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt

SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE

CVE-2022-22273CRITICAL9.8ten sam produkt

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-lif...