The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability is an OS command injection flaw in the SMA100 management interface. It allows a remote authenticated attacker to inject arbitrary commands as the 'nobody' user, potentially leading to arbitrary code execution.
CISA ordered federal agencies to fix this vulnerability by May 7, 2025.
CISA also added flaws in the Linux Kernel, Gladinet CentreStack, and ZTA Microsoft Windows Common Log File System (CLFS) Driver to its Known Exploited Vulnerabilities (KEV) catalog.