The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection that could result in code execution. The flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices running the following versions - 10.2.1.0-17sv and earlier (Fixed in 10.2.1.1-19sv and higher), 10.2.0.7-34sv and earlier (Fixed in 10.2.0.8-37sv and higher), 9.0.0.10-28sv and earlier (Fixed in 9.0.0.11-31sv and higher) While the exact details surrounding the exploitation of CVE-2021-20035 are presently unknown, SonicWall has since revised the bulletin to acknowledge that "this vulnerability is potentially being exploited in the wild."

‍