CVE-2021-20028

CRITICAL KEV RANSOMWARE

SonicWall SRA and SMA Firmware 8.x-9.0.0.9-26sv - SQL Injection

Title source: llm

Exploitation Summary

CVE-2021-20028 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022, with confirmed use in ransomware campaigns.

Description

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20028

Scores

CVSS v3 9.8

EPSS 0.8027

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2022-03-28

VulnCheck KEV 2021-06-08

InTheWild.io 2022-01-27

ENISA EUVD EUVD-2021-7491

Ransomware Use Confirmed

CWE

CWE-89

Status published

Products (6)

sonicwall/sma_210_firmware 8.0.0.0 - 9.0.0.10-28sv

sonicwall/sma_410_firmware 8.0.0.0 - 9.0.0.10-28sv

sonicwall/sma_500v_firmware 8.0.0.0 - 9.0.0.10-28sv

sonicwall/sra_1600_firmware 8.0.0.0 - 9.0.0.10-28sv

sonicwall/sra_4600_firmware 8.0.0.0 - 9.0.0.10-28sv

sonicwall/sra_va_firmware 8.0.0.0 - 9.0.0.10-28sv

Published Aug 04, 2021

KEV Added Mar 28, 2022

Tracked Since Feb 18, 2026