RCE in Sonicwall Sma100

CVE-2021-20017

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.026 (86.0th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.0.5 and earlier

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0004 (x_refsource_CONFIRM)