CVE-2021-20035
Published: 27 September 2021
Summary
CVE-2021-20035 is a medium-severity OS Command Injection (CWE-78) vulnerability in SonicWall SMA 200 firmware. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 5.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2021-20035 is an OS command injection vulnerability (CWE-78) stemming from improper neutralization of special elements in the management interface of SonicWall SMA 100 appliances. The flaw permits execution of arbitrary commands under the 'nobody' account and carries a CVSS 3.1 score of 6.5, reflecting a network attack vector, low attack complexity, and high availability impact with no confidentiality or integrity impact.
A remote attacker who has already authenticated to the SMA 100 interface can exploit the weakness without user interaction to inject commands that result in denial of service. The attack requires only low-privileged credentials and does not need additional privileges or special network positioning beyond normal management access.
SonicWall advisory SNWLID-2021-0022 and the CISA Known Exploited Vulnerabilities catalog both reference the issue; the KEV listing confirms that exploitation of this vulnerability has been observed in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7498
Vulnerability details
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
- CWE(s): CWE-78
- KEV Date Added: 16 April 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation and neutralization of untrusted inputs to the SMA management interface, blocking the special-element/command-injection vector that enables the CVE.
- AC-6 (Least Privilege): Enforces least-privilege execution so that even a successfully injected command runs only under the restricted 'nobody' account, limiting the DoS impact.
- Restricts the management interface to only the minimal required commands and services, reducing the attack surface available for arbitrary command injection.
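As an added, constructed illustration of the SI-10 control (this is not SonicWall's code; the diagnostic endpoint, its `host` parameter and all function names are assumptions), the CWE-78 pattern that this CVE class describes is shown beside its hardened form:

```python
import re
import subprocess

# Hypothetical "ping a host" diagnostic action of an appliance management
# interface (constructed for illustration). An authenticated user supplies
# the "host" field, and the handler runs a ping on their behalf.

# RFC 1123 hostname or dotted-quad IPv4 literal: labels of letters, digits and
# hyphens separated by dots, nothing else. Shell metacharacters cannot match.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_host(host: str) -> str:
    """SI-10 style positive validation: accept only a syntactically valid
    host value and reject everything else before it reaches any command."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return host


def build_ping_unsafe(host: str) -> str:
    """CWE-78 pattern: untrusted input concatenated into a shell command line.
    Anything the user appends after a ';' is handed to the shell unchanged."""
    return f"ping -c 1 {host}"


def build_ping_safe(host: str) -> list[str]:
    """Hardened form: validate first, then build an argv list so that no shell
    ever parses the value; the host can only ever be one argument to ping."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host: str, timeout: float = 5.0) -> int:
    """Executes the hardened command with shell=False and returns the exit
    code; a timeout bounds how long one request can tie up the process."""
    completed = subprocess.run(
        build_ping_safe(host), shell=False, timeout=timeout, capture_output=True
    )
    return completed.returncode
```

The unsafe builder is kept only so the two forms can be compared side by side; `run_ping` never calls it.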