CVE-2021-20028
Published: 04 August 2021
Summary
CVE-2021-20028 is a critical-severity SQL Injection (CWE-89) vulnerability in SonicWall SMA 210 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability is a SQL injection flaw (CWE-89) caused by improper neutralization of SQL commands. It affects end-of-life SonicWall Secure Remote Access (SRA) appliances running all 8.x firmware versions and 9.0.0.9-26sv or earlier. The issue carries a CVSS 3.1 base score of 9.8.
Remote unauthenticated attackers can exploit the flaw over the network without user interaction to read, modify, or delete database contents and potentially achieve full control of the affected appliance, resulting in complete loss of confidentiality, integrity, and availability.
The vulnerability is documented in SonicWall advisory SNWLID-2021-0017 and appears in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild exploitation. Because the products have reached end-of-life status, no patches are expected; organizations should migrate away from the affected SRA appliances.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7491
Vulnerability details
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
- CWE(s): CWE-89
- KEV date added: 28 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and neutralization of untrusted input to block SQL command injection as exploited in this CVE.
- SA-22 (Unsupported System Components): mandates replacement or approved mitigations for unsupported/end-of-life components such as the affected SRA appliances.
- Boundary protection: enforces network boundary protections that can restrict exposure of the vulnerable remote-access appliance.