What is CVE-2023-44221?

CVE-2023-44221 is a vulnerability in Sonicwall Sma100, classified under OS Command Injection. Published 2023-12-05.

Is CVE-2023-44221 known to be exploited?

Yes. CVE-2023-44221 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-05-01), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.

RCE in Sonicwall Sma100

CVE-2023-44221

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.226 (96.0th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.1.9-57sv and earlier versions

Weakness classification (CWE)

CWE-78 — OS Command Injection

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2025-05-01. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2025-05-22.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public proof-of-concept exploits

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 (vendor-advisory)

Frequently asked questions

What is CVE-2023-44221?: CVE-2023-44221 is a vulnerability in Sonicwall Sma100, classified under OS Command Injection. Published 2023-12-05.
Is CVE-2023-44221 known to be exploited?: Yes. CVE-2023-44221 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-05-01), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.