Vulnerability detail

Enriched intelligence for a single CVE

9.8

CVSS
Critical

CVE-2021-20028

PUBLISHED

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products,...

Exploited in the wild Used in malware Remote Low complexity No user interaction

Vendor: SonicWall
Product: SonicWall SRA/SMA100
Published: Aug 04, 2021
EPSS: —

Description

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

cisa malware ransomware edge

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2022-03-28 00:00:00 UTC · Source

Used in malware

Recorded 2022-03-28 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Mar 28, 2022

Timeline

CVE ID Reserved

December 17, 2020
CVE Published to Public

August 04, 2021
Exploit Used in Malware

March 28, 2022
Added to KEVIntel

March 28, 2022