First published: Wed Aug 04 2021
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
Credit: PSIRT@sonicwall.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sonicwall Sma 210 Firmware | >=8.0.0.0 <9.0.0.10 | |
Sonicwall Sma 210 | ||
Sonicwall Sma 410 Firmware | >=8.0.0.0 <9.0.0.10 | |
Sonicwall Sma 410 | ||
Sonicwall Sma 500v Firmware | >=8.0.0.0 <9.0.0.10 | |
Sonicwall Sma 500v | ||
All of | ||
Sonicwall Sma 210 Firmware | >=8.0.0.0 <9.0.0.10-28sv | |
Sonicwall Sma 210 | ||
All of | ||
Sonicwall Sma 410 Firmware | >=8.0.0.0 <9.0.0.10-28sv | |
Sonicwall Sma 410 | ||
All of | ||
Sonicwall Sma 500v Firmware | >=8.0.0.0 <9.0.0.10-28sv | |
Sonicwall Sma 500v | ||
All of | ||
Sonicwall Sra 4600 Firmware | >=8.0.0.0 <9.0.0.10-28sv | |
Sonicwall Sra 4600 | ||
All of | ||
Sonicwall Sra 1600 Firmware | >=8.0.0.0 <9.0.0.10-28sv | |
Sonicwall Sra 1600 | ||
All of | ||
Sonicwall Sra Va Firmware | >=8.0.0.0 <9.0.0.10-28sv | |
Sonicwall Sra Va | ||
SonicWall Secure Remote Access (SRA) | | The impacted product is end-of-life and should be disconnected if still in use. |
The severity of CVE-2021-20028 is critical with a CVSS score of 9.8.
The affected product is SonicWall Secure Remote Access (SRA) appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
CVE-2021-20028 is a SQL Injection vulnerability that can be exploited on end-of-life Secure Remote Access (SRA) products.
To mitigate the vulnerability, SonicWall recommends upgrading to the latest supported firmware version.
You can find more information about CVE-2021-20028 on the SonicWall PSIRT website at the following link: [https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017)