
Attacks involving old SonicWall SMA100 vulnerability underway


Active exploitation of a high-severity operating system command injection flaw in the SonicWall SMA100 remote-access appliance, tracked as CVE-2021-20035 and nearly half a decade old, has been disclosed by SonicWall following notification from one of its partners, Cybersecurity Dive reports.

Investigation into the nature and extent of attacks leveraging the vulnerability, which could result in arbitrary code execution, is still underway, according to a SonicWall spokesperson. "While the vulnerability affects SMA100 devices running older firmware, we continue to urge customers to follow the mitigation steps outlined in our advisory and upgrade to the latest firmware as a best practice," said the spokesperson.

Ongoing intrusions abusing the flaw have prompted its addition to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies ordered to apply the necessary remediations by May 7. The development comes as vulnerable SonicWall firewalls and VPNs have been increasingly targeted in cyberattacks, with threat actors looking to compromise edge devices.
