SonicWall SMA VPN devices targeted in attacks since January

A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. This security flaw (CVE-2021-20035) impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and was patched almost four years ago, in September 2021, when SonicWall said it could only be exploited to take down vulnerable appliances in denial-of-service (DoS) attacks. However, the company updated the four-year-old security advisory on Monday to flag the security bug as exploited in attacks, expand the impact to include remote code execution, and upgrade the CVSS severity score from medium to high severity. "This vulnerability is believed to be actively exploited in the wild. As a precautionary measure, SonicWall PSIRT has updated the summary and revised the CVSS score to 7.2," SonicWall said. Successful exploitation can allow remote threat actors with low privileges to ... Read full article.