CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-20028

CVSS 9.8v3.1pub. 2021-08-04upd. 2025-10-31

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma 210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 210 Firmware

    OS
    Sonicwall
    8.0.0.0 – 9.0.0.10-28sv (bez)
  • Sonicwall Sma 410

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 410 Firmware

    OS
    Sonicwall
    8.0.0.0 – 9.0.0.10-28sv (bez)
  • Sonicwall Sma 500v

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 500v Firmware

    OS
    Sonicwall
    8.0.0.0 – 9.0.0.10-28sv (bez)
  • Sonicwall Sra 1600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra 1600 Firmware

    OS
    Sonicwall
    8.0.0.0 – 9.0.0.10-28sv (bez)
  • Sonicwall Sra 4600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra 4600 Firmware

    OS
    Sonicwall
    8.0.0.0 – 9.0.0.10-28sv (bez)
  • Sonicwall Sra Va

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra Va Firmware

    OS
    Sonicwall
    8.0.0.0 – 9.0.0.10-28sv (bez)

CISA KEV — detailsi

Vendori
SonicWall
Producti
Secure Remote Access (SRA)
Added to KEVi
March 28, 2022
Remediation deadline (US Federal)i
April 18, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 18 kwietnia 2022
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie

CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...

CVE-2021-20016CRITICAL9.8⚠ KEVten sam produkt

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...

CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt

SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE

CVE-2022-22273CRITICAL9.8ten sam produkt

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-lif...