Pierluigi Paganini
April 17, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A remote authenticated attacker can exploit the flaw to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to arbitrary code execution.
“Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to code execution.” reads the advisory. “This vulnerability is potentially being exploited in the wild.”
The vulnerability impacts 9.0.0.10-28sv and earlier, 10.2.0.7-34sv and earlier, and 10.2.1.0-17sv and earlier.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
CISA orders federal agencies to fix this vulnerability by May 7, 2025.
Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150, to its Known Exploited Vulnerabilities (KEV) catalog.
Cisa also added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its Known Exploited Vulnerabilities (KEV) catalog.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)
