Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
SonicWall SMA100 Appliances OS Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2021-20035

SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2021-20035	SonicWall SMA100 Appliances OS Command Injection Vulnerability	exploitation_technique	T1078	Valid Accounts	Comments While this vulnerability was originally considered a denial-of-service issue in 2021, this improper neutralization issue has been exploited in 2025 as a remote code execution vulnerability. After authenticating (either with default credentials or via brute force, password stuffing, or dictionary attacks), an attacker can execute arbitrary commands as a "nobody" user. References https://www.secureblink.com/cyber-security-news/sonic-wall-sma-rce-vulnerability-cve-2021-20035-under-active-exploitation-in-2025
CVE-2021-20035	SonicWall SMA100 Appliances OS Command Injection Vulnerability	exploitation_technique	T1059	Command and Scripting Interpreter	Comments While this vulnerability was originally considered a denial-of-service issue in 2021, this improper neutralization issue has been exploited in 2025 as a remote code execution vulnerability. After authenticating (either with default credentials or via brute force, password stuffing, or dictionary attacks), an attacker can execute arbitrary commands as a "nobody" user. References https://www.secureblink.com/cyber-security-news/sonic-wall-sma-rce-vulnerability-cve-2021-20035-under-active-exploitation-in-2025