CVE-2021-20035

6.5

CVSS
Medium

PUBLISHED

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands...

Exploited in the wild Remote Low complexity No user interaction

Vendor: SonicWall
Product: SMA100
Published: Sep 27, 2021
EPSS: —

Description

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

cisa edge nessus_scanner

CVSS scores

CVSS v3.1 6.5 Medium

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2.0 6.8

AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitation status

Exploited in the wild

Recorded 2025-04-16 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Apr 16, 2025

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/235817	Jun 02, 2025

Vulnerability detail