Vulnerability Description
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sma 210 Firmware | >= 8.0.0.0, < 9.0.0.10-28sv |
| Sonicwall | Sma 210 | - |
| Sonicwall | Sma 410 Firmware | >= 8.0.0.0, < 9.0.0.10-28sv |
| Sonicwall | Sma 410 | - |
| Sonicwall | Sma 500V Firmware | >= 8.0.0.0, < 9.0.0.10-28sv |
| Sonicwall | Sma 500V | - |
| Sonicwall | Sra 4600 Firmware | >= 8.0.0.0, < 9.0.0.10-28sv |
| Sonicwall | Sra 4600 | - |
| Sonicwall | Sra 1600 Firmware | >= 8.0.0.0, < 9.0.0.10-28sv |
| Sonicwall | Sra 1600 | - |
| Sonicwall | Sra Va Firmware | >= 8.0.0.0, < 9.0.0.10-28sv |
| Sonicwall | Sra Va | - |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-20028?
CVE-2021-20028 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and ...
How severe is CVE-2021-20028?
CVE-2021-20028 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20028?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 210 Firmware, Sonicwall Sma 210, Sonicwall Sma 410 Firmware, Sonicwall Sma 410, Sonicwall Sma 500V Firmware.