Cyber Resilience

CVE-2021-20016

CriticalCISA KEVActive ExploitationEUVD ExploitedRansomware-linked

Published: 04 February 2021

Published
04 February 2021
Modified
31 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7982 99.1th percentile
Risk Priority 87 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-20016 is a critical-severity SQL Injection (CWE-89) vulnerability in Sonicwall Sma 100 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A SQL injection vulnerability tracked as CVE-2021-20016 affects the SonicWall SSLVPN SMA100 product on build version 10.x. The flaw, assigned CWE-89, permits construction and execution of arbitrary SQL queries against the application's database.

A remote unauthenticated attacker can exploit the issue over the network without any user interaction or credentials. Successful exploitation yields direct access to usernames, passwords, and other session-related data stored by the VPN appliance, corresponding to the maximum CVSS 3.1 base score of 9.8.

The vulnerability is documented in SonicWall PSIRT advisory SNWLID-2021-0001 and appears in the CISA Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation.

EU & UK References

Vulnerability details

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sonicwall
sma 100 firmware
10.0.0.0 — 10.2.0.5-d-29sv
sonicwall
sma 200 firmware
all versions
sonicwall
sma 210 firmware
all versions
sonicwall
sma 400 firmware
all versions
sonicwall
sma 410 firmware
all versions
sonicwall
sma 500v
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs to the SMA100 web interface, blocking construction of malicious SQL queries that exploit CVE-2021-20016.

prevent

Mandates timely application of vendor patches (SonicWall advisory SNWLID-2021-0001) that eliminate the SQL-injection flaw in build 10.x.

prevent

Enforces that only properly authenticated and authorized subjects may access session or credential data, limiting the impact of any successful injection.

References