Full Report
On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]
Analysis Summary
# Vulnerability: SonicWall SMA Series Remote Code Execution (Actively Exploited)
## CVE Details
- CVE ID: **CVE-2021-20035**
- CVSS Score: **7.2 (High)** (Revised score from SonicWall PSIRT)
- CWE: (Not explicitly stated, but context implies Remote Code Execution/Authentication Bypass)
## Affected Systems
- Products: SonicWall SMA (Secure Mobile Access) 100 Series
- Versions:
  - 10.2.1.0-17sv and earlier
  - 10.2.0.7-34sv and earlier
  - 9.0.0.10-28sv and earlier
- Configurations: SMA 100, SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)
## Vulnerability Description
The vulnerability allows **Remote Code Execution (RCE)**, according to context provided by SonicWall that references similar recent vulnerabilities. CISA has specifically flagged this flaw as being actively exploited in the wild. The provided excerpt does not detail the specific technical mechanism, but the impact suggests that an attacker can execute arbitrary code remotely, likely escalating privileges or gaining unauthorized access via the VPN/Secure Mobile Access gateway.
## Exploitation
- Status: **Exploited in the wild** (Confirmed by CISA addition to KEV catalog)
- Complexity: (Not specified, but exploitation in the wild suggests **Low/Medium** complexity for observed attacks)
- Attack Vector: **Network** (Implied by VPN endpoint vulnerability)
## Impact
The direct impact on confidentiality, integrity, and availability is not quantified (High/Medium/Low), but given the RCE capability and active exploitation, the potential impact is **Critical** across all three pillars.
## Remediation
### Patches
SonicWall provided specific fixed versions for the SMA 100 Series:
- For branch 10.2.1: **10.2.1.1-19sv and higher**
- For branch 10.2.0: **10.2.0.8-37sv and higher**
- For branch 9.0.0: **9.0.0.11-31sv and higher**
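
To triage an appliance inventory against the affected and fixed builds listed above, the following added example (not SonicWall or CISA code) classifies firmware strings per branch. It assumes the first three version fields name the branch and that the remaining patch and build numbers order releases within it; the hostnames are constructed sample data.

```python
import re

# Version data copied from this page: highest affected build and first fixed
# build per firmware branch, as (patch, build) pairs.
BRANCHES = {
    (10, 2, 1): {"affected_max": (0, 17), "fixed_min": (1, 19)},
    (10, 2, 0): {"affected_max": (7, 34), "fixed_min": (8, 37)},
    (9, 0, 0): {"affected_max": (10, 28), "fixed_min": (11, 31)},
}
FIRMWARE_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv")


def classify(firmware):
    """Return 'vulnerable', 'patched', 'review' or 'unparseable'."""
    m = FIRMWARE_RE.fullmatch(firmware.strip())
    if not m:
        return "unparseable"
    major, minor, maint, patch, build = map(int, m.groups())
    limits = BRANCHES.get((major, minor, maint))
    if limits is None:
        return "review"  # branch not listed on this page
    # Assumption: (patch, build) tuples order releases within one branch.
    if (patch, build) >= limits["fixed_min"]:
        return "patched"
    if (patch, build) <= limits["affected_max"]:
        return "vulnerable"
    return "review"  # build falls between the two listed versions


def triage(inventory):
    """Group (hostname, firmware) pairs by classification."""
    report = {"vulnerable": [], "review": [], "unparseable": [], "patched": []}
    for host, firmware in inventory:
        report[classify(firmware)].append(host)
    return report


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = [
    ("sma-edge-01", "10.2.1.0-17sv"),
    ("sma-edge-02", "10.2.1.1-19sv"),
    ("sma-dr-01", "9.0.0.10-28sv"),
    ("sma-lab-01", "10.2.0.8-37sv"),
    ("sma-lab-02", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Builds that fall between a branch's last affected and first fixed version, or that sit on a branch this page does not list, are reported as `review` rather than guessed.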
### Workarounds
No specific workarounds were listed in this context. Immediate patching is the mandated action.
## Detection
- Indicators of Compromise (IOCs): (Not specified in the provided text)
- Detection Methods and Tools: Organizations (especially US FCEB agencies) are mandated by CISA BOD 22-01 to patch within three weeks of the KEV catalog addition (May 7th deadline referenced). Reviewing logs related to SMA appliance activities and outbound connections following the exploit period is recommended.
## References
- Vendor Advisories: SonicWall PSIRT communications regarding the vulnerability.
- Relevant Links:
  - CISA confirmation of active exploitation: cisa.gov/news-events/alerts/2025/04/16/cisa-adds-one-known-exploited-vulnerability-catalog
  - CISA KEV Catalog listing: cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20035&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url=