CVE-2021-20028

CVSS 9.8 (CRITICAL) | EPSS 30.1% | Listed in CISA KEV | CWE-89
In short

A SQL injection vulnerability in Secure Remote Access (SRA) appliances allows an attacker to supply SQL commands that the appliance passes to its database without proper validation, potentially compromising sensitive data or control of the system.

Technical detail

SQL injection flaw in SRA 8.x and 9.0.0.9-26sv or earlier, caused by insufficient input sanitization during SQL query construction; a remote, unauthenticated attacker can exploit this to execute arbitrary SQL commands, leading to unauthorized data access, modification, or deletion.

Summary generated and translated by AI from the official description.
Official description: Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
