Cyber Resilience

CVE-2023-44221

High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 05 December 2023
Modified: 31 October 2025
KEV Added: 01 May 2025
Patch: vendor advisory SNWLID-2023-0018 (see Deeper analysis)
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2307 (96.0th percentile)
Risk Priority: 48 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-44221 is a high-severity OS command injection (CWE-78) vulnerability in SonicWall SMA100-series appliance firmware (SMA 200, 210, 400, 410 and 500v). Its CVSS v3.1 base score is 7.2 (High).

Operationally, its EPSS score places it in the top 4.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-44221 is an OS command injection vulnerability (CWE-78) in the SMA100 SSL-VPN management interface. It stems from improper neutralization of special elements in input that reaches an OS command, and it carries a CVSS v3.1 base score of 7.2. The flaw lets a remote, authenticated administrator execute arbitrary commands on the appliance under the 'nobody' user account.

The attacker must already hold administrative credentials for the management interface (PR:H), but needs no user interaction (UI:N) and reaches the flaw over the network (AV:N); successful exploitation has high impact on the confidentiality, integrity and availability of the appliance. Command execution is limited to the 'nobody' context, so the immediate foothold is unprivileged. The practical concern is that any route to administrative access on the management interface becomes arbitrary code execution on an internet-facing VPN appliance, which is why the entry carries a KEV listing despite the privilege requirement.

SonicWall's PSIRT advisory SNWLID-2023-0018 addresses the vulnerability, and CISA added the entry to the Known Exploited Vulnerabilities catalog on 01 May 2025. The EPSS score stands at 0.2307, its highest value to date, and has held steady rather than climbing sharply, consistent with sustained rather than surging exploitation interest.


Vulnerability details

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
KEV Date Added: 01 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

SonicWall SMA 200 firmware: ≤ 10.2.1.9-57sv
SonicWall SMA 210 firmware: ≤ 10.2.1.9-57sv
SonicWall SMA 400 firmware: ≤ 10.2.1.9-57sv
SonicWall SMA 410 firmware: ≤ 10.2.1.9-57sv
SonicWall SMA 500v firmware: ≤ 10.2.1.9-57sv
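Checking an inventory against the affected range above needs a numeric version comparison, because the SMA100 version format (major.minor.patch.build-NNsv) sorts wrongly as a string: "10.2.1.10-62sv" is lexically smaller than "10.2.1.9-57sv". The following is an added example, not SonicWall tooling; the parser is an assumption about how that format compares, and the inventory and hostnames are constructed sample data.

```python
"""Flag SonicWall SMA100-series firmware versions in the range the page lists
as affected by CVE-2023-44221 (<= 10.2.1.9-57sv).

Added example for this entry, not SonicWall tooling. The version-string
parser is an assumption based on the format in the affected-asset table;
the inventory below is constructed sample data.
"""
import re
from typing import List, Tuple

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")

AFFECTED_MAX = "10.2.1.9-57sv"
AFFECTED_MODELS = {"SMA 200", "SMA 210", "SMA 400", "SMA 410", "SMA 500v"}


def parse_version(v: str) -> Tuple[int, ...]:
    """'10.2.1.9-57sv' -> (10, 2, 1, 9, 57). Integer tuples compare numerically
    field by field, so 10.2.1.10 correctly sorts after 10.2.1.9."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {v!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(model: str, version: str) -> bool:
    """True when the model is in the page's list and the firmware is at or
    below the listed ceiling."""
    if model not in AFFECTED_MODELS:
        return False
    return parse_version(version) <= parse_version(AFFECTED_MAX)


# Constructed sample inventory: (hostname, model, firmware). All made up.
SAMPLE_INVENTORY = [
    ("vpn-a.example.test", "SMA 410", "10.2.1.9-57sv"),
    ("vpn-b.example.test", "SMA 500v", "10.2.1.8-51sv"),
    ("vpn-c.example.test", "SMA 210", "10.2.1.10-62sv"),
    ("vpn-d.example.test", "SMA 400", "n/a"),
]


def triage(inventory) -> Tuple[List[str], List[str]]:
    """Return (hosts needing action, hosts whose version could not be parsed).
    Unparseable entries are reported rather than silently treated as safe."""
    hit, unknown = [], []
    for host, model, ver in inventory:
        try:
            if is_affected(model, ver):
                hit.append(host)
        except ValueError:
            unknown.append(host)
    return hit, unknown


if __name__ == "__main__":
    affected, unparsed = triage(SAMPLE_INVENTORY)
    print("affected:", affected)
    print("needs manual check:", unparsed)
```

Devices whose version string does not parse are surfaced separately instead of being dropped; on a KEV-listed edge device, "we could not read the version" should be a ticket, not a false negative.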

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly requires validation and neutralization of untrusted input to block the special-element injection that enables OS command execution.

AC-6 Least Privilege (prevent)

Limits the privileges of the management-interface process and of authenticated admins, so that even a successful injection yields only the observed 'nobody' rights rather than full OS control.

SI-2 Flaw Remediation (prevent)

Mandates prompt application of vendor patches for the documented command-injection flaw listed in the SonicWall advisory and the CISA KEV catalog.
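What the input-validation and least-privilege controls above mean in code, as an added example: a management-style handler that builds an OS command from a request parameter, shown in its CWE-78 form next to a hardened form. This is illustrative code written for this entry; it is not SonicWall code and does not reproduce the SMA100 flaw. The handler, the `target` parameter, the hostname pattern and the sample inputs are constructed.

```python
"""CWE-78 in a management-interface handler: the vulnerable pattern beside
the hardened one (input validation per SI-10, no-shell execution, and an
optional unprivileged account for the child per least privilege).

Added example illustrating the bug class this entry describes. It is not
SonicWall code; the handler shape, parameter and sample inputs are made up.
"""
import ipaddress
import re
import shlex
import subprocess
from typing import List, Optional

# RFC 1123 hostname: labels of 1-63 alphanumerics/hyphens, no leading or
# trailing hyphen, whole name at most 253 characters. Constructed for this
# example; no shell metacharacter can satisfy it.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_command(target: str) -> str:
    """VULNERABLE (CWE-78): the request parameter is spliced into a command
    line that would be handed to a shell. Returned rather than executed so the
    injected text is visible; with shell=True everything after ';' runs as a
    second command."""
    return f"ping -c 1 {target}"


def validate_target(target: str) -> str:
    """SI-10 style neutralization by allowlisting the shape of the value:
    accept a literal IP address or an RFC 1123 hostname, reject anything else.
    This beats blocklisting characters, which always misses one."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"rejected target: {target!r}")


def hardened_argv(target: str) -> List[str]:
    """The validated value occupies its own argv slot; no shell ever parses it,
    so metacharacters have no meaning even if validation were loosened."""
    return ["ping", "-c", "1", validate_target(target)]


def quoted_for_shell(target: str) -> str:
    """Defense in depth for the rare case a shell is unavoidable: validate,
    then quote. Quoting alone is a weaker control than avoiding the shell."""
    return "ping -c 1 " + shlex.quote(validate_target(target))


def run_hardened(target: str, run_as: Optional[str] = None,
                 timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Execute without a shell. run_as (Python 3.9+, caller needs the right
    to change uid) starts the child as an unprivileged account so a bug in
    the child process does not inherit the service's privileges."""
    kwargs = {"capture_output": True, "text": True, "timeout": timeout}
    if run_as is not None:
        kwargs["user"] = run_as
    return subprocess.run(hardened_argv(target), **kwargs)


if __name__ == "__main__":
    hostile = "10.0.0.1; id"
    print(vulnerable_command(hostile))   # 'ping -c 1 10.0.0.1; id'
    try:
        hardened_argv(hostile)
    except ValueError as e:
        print("hardened handler:", e)
```

The ordering matters: validation first, then argv-based execution, then privilege reduction of the child. Each layer catches what the previous one misses, and none of them requires knowing which metacharacters the appliance's shell treats specially.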
