CVE-2021-20028: SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
First published: Wed Aug 04 2021(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell SonicWall Secure Remote Access Server | ||
| SonicWall SMA 210 | >=8.0.0.0<9.0.0.10 | |
| SonicWall SMA 210 Firmware | ||
| SonicWall SMA 410 | >=8.0.0.0<9.0.0.10 | |
| SonicWall SMA 410 | ||
| SonicWall SMA 500v Firmware | >=8.0.0.0<9.0.0.10 | |
| SonicWall SMA 500v Firmware | ||
| All of | ||
| SonicWall SMA 210 | >=8.0.0.0<9.0.0.10-28sv | |
| SonicWall SMA 210 Firmware | ||
| All of | ||
| SonicWall SMA 410 | >=8.0.0.0<9.0.0.10-28sv | |
| SonicWall SMA 410 | ||
| All of | ||
| SonicWall SMA 500v Firmware | >=8.0.0.0<9.0.0.10-28sv | |
| SonicWall SMA 500v Firmware | ||
| All of | ||
| SonicWall Secure Remote Access (SRA) 4600 | >=8.0.0.0<9.0.0.10-28sv | |
| SonicWall Secure Remote Access (SRA) 4600 | ||
| All of | ||
| SonicWall SRA 1600 firmware | >=8.0.0.0<9.0.0.10-28sv | |
| SonicWall SRA 1600 firmware | ||
| All of | ||
| SonicWall SRA VA | >=8.0.0.0<9.0.0.10-28sv | |
| SonicWall Secure Remote Access (SRA) | ||
| All of | ||
| >=8.0.0.0<9.0.0.10-28sv | ||
| All of | ||
| >=8.0.0.0<9.0.0.10-28sv | ||
| All of | ||
| >=8.0.0.0<9.0.0.10-28sv | ||
| All of | ||
| >=8.0.0.0<9.0.0.10-28sv | ||
| All of | ||
| >=8.0.0.0<9.0.0.10-28sv | ||
| All of | ||
| >=8.0.0.0<9.0.0.10-28sv | ||
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-20028?
The severity of CVE-2021-20028 is critical with a CVSS score of 9.8.
Which products are affected by CVE-2021-20028?
The affected product is SonicWall Secure Remote Access (SRA) appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
How does CVE-2021-20028 impact the affected products?
CVE-2021-20028 is a SQL Injection vulnerability that can be exploited on end-of-life Secure Remote Access (SRA) products.
How can I fix CVE-2021-20028?
To mitigate the vulnerability, SonicWall recommends upgrading to the latest supported firmware version.
Where can I find more information about CVE-2021-20028?
You can find more information about CVE-2021-20028 on the SonicWall PSIRT website at the following link: [https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017)
- agent/type
- agent/title
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/references
- agent/event
- agent/last-modified-date
- agent/source
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- vendor/sonicwall
- canonical/dell sonicwall secure remote access server
- canonical/sonicwall sma 210
- version/sonicwall sma 210/8.0.0.0
- canonical/sonicwall sma 210 firmware
- canonical/sonicwall sma 410
- version/sonicwall sma 410/8.0.0.0
- canonical/sonicwall sma 500v firmware
- version/sonicwall sma 500v firmware/8.0.0.0
- canonical/sonicwall secure remote access (sra) 4600
- version/sonicwall secure remote access (sra) 4600/8.0.0.0
- canonical/sonicwall sra 1600 firmware
- version/sonicwall sra 1600 firmware/8.0.0.0
- canonical/sonicwall sra va
- version/sonicwall sra va/8.0.0.0
- canonical/sonicwall secure remote access (sra)