Detections
Analytics
CVE-2021-20016
critical
Description
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
From the Tenable Blog
CVE-2021-20016: Zero-Day Vulnerability in SonicWall Secure Mobile Access (SMA) Exploited in the Wild
Published: 2021-02-04
SonicWall releases a patch after researchers confirm exploitation of a zero-day vulnerability in SonicWall Secure Mobile Access
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.mandiant.com/resources/blog/shining-a-light-on-darkside-ransomware-operations