PatchSiren

CVE-2021-20028 SonicWall CVE debrief

CVE-2021-20028 is a SQL injection vulnerability in SonicWall Secure Remote Access (SRA). CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-28, and the KEV record marks it as associated with known ransomware campaign use. CISA also notes the impacted product is end-of-life and should be disconnected if still in use. Because the product is legacy and the vulnerability is known to be exploited, this should be treated as an urgent legacy-asset risk rather than a routine patch item.

Vendor: SonicWall
Product: Secure Remote Access (SRA)
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-03-28
Original CVE updated: 2022-03-28
Advisory published: 2022-03-28
Advisory updated: 2022-03-28

Who should care

Security and IT teams that still operate or inherit SonicWall Secure Remote Access (SRA), especially owners of internet-facing remote access infrastructure, vulnerability management teams, and incident responders supporting legacy appliances.

Technical summary

The supplied records identify CVE-2021-20028 as a SQL injection vulnerability affecting SonicWall Secure Remote Access (SRA). The most actionable details in the corpus come from CISA’s KEV entry: the vulnerability is known to be exploited, the product is end-of-life, and CISA’s required action is to disconnect it if it is still in use. The corpus does not provide a CVSS score.

Defensive priority

Critical

Recommended defensive actions

  • Inventory all SonicWall Secure Remote Access (SRA) instances and confirm whether any remain in production or exposed to the internet.
  • If SRA is still in use, follow CISA’s guidance and disconnect or retire the end-of-life product as soon as possible.
  • Prioritize immediate containment and incident response review for any exposed or previously exposed SRA deployments because the vulnerability is listed as known exploited.
  • Replace the legacy remote access solution with a supported platform and confirm migration paths for all users and integrations.
  • Use the official CVE, NVD, and CISA KEV references to validate ownership, exposure, and remediation status.

Evidence notes

The title and description identify a SQL injection vulnerability in SonicWall Secure Remote Access (SRA). CISA’s KEV metadata for this CVE lists vendorProject SonicWall, product Secure Remote Access (SRA), dateAdded 2022-03-28, dueDate 2022-04-18, knownRansomwareCampaignUse as Known, and requiredAction stating the impacted product is end-of-life and should be disconnected if still in use. The supplied corpus does not include a CVSS score.
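The inventory and validation steps recommended above can be scripted against the KEV fields listed in these notes. The following is an added example, not code from PatchSiren, CISA, or SonicWall: the inventory rows, hostnames, column layout, action labels, and the loose product-name match are all assumptions made for illustration.

```python
import re
from datetime import date

# Constructed KEV record: field names follow CISA's KEV JSON; values are the ones quoted on this page.
KEV_ENTRY = {
    "cveID": "CVE-2021-20028",
    "vendorProject": "SonicWall",
    "product": "Secure Remote Access (SRA)",
    "dateAdded": "2022-03-28",
    "dueDate": "2022-04-18",
    "knownRansomwareCampaignUse": "Known",
}

# Constructed inventory; hostnames and the column layout are hypothetical.
INVENTORY = [
    {"host": "ra-gw-01", "vendor": "SonicWall", "product": "Secure Remote Access (SRA)", "internet_facing": True, "status": "production"},
    {"host": "ra-gw-02", "vendor": "sonicwall ", "product": "SRA appliance", "internet_facing": False, "status": "production"},
    {"host": "ra-gw-03", "vendor": "SonicWall", "product": "SRA", "internet_facing": True, "status": "retired"},
    {"host": "app-db-01", "vendor": "ExampleCorp", "product": "Database server", "internet_facing": False, "status": "production"},
]

PRIORITY = {"disconnect-now": 0, "disconnect": 1, "verify-offline": 2}

def matches(asset, kev):
    """Loose name match (an assumption): same vendor, plus the product's full name or its abbreviation."""
    if asset["vendor"].strip().lower() != kev["vendorProject"].lower():
        return False
    full, _, abbrev = kev["product"].lower().partition(" (")
    abbrev = abbrev.rstrip(")")
    name = asset["product"].lower()
    return full in name or bool(abbrev and re.search(rf"\b{re.escape(abbrev)}\b", name))

def triage(inventory, kev, today):
    """Return matching assets, most urgent first, with the action this debrief recommends."""
    overdue = today > date.fromisoformat(kev["dueDate"])
    findings = []
    for asset in inventory:
        if not matches(asset, kev):
            continue
        if asset["status"] == "retired":
            action = "verify-offline"  # confirm the appliance is really disconnected
        else:
            action = "disconnect-now" if asset["internet_facing"] else "disconnect"
        findings.append({"host": asset["host"], "action": action,
                         "ir_review": asset["internet_facing"],  # exposed or previously exposed
                         "past_kev_due_date": overdue,
                         "ransomware_use": kev["knownRansomwareCampaignUse"] == "Known"})
    return sorted(findings, key=lambda f: PRIORITY[f["action"]])

if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_ENTRY, date.today()):
        print(finding)
```

Name matching of this kind only narrows the list; each hit still needs an owner to confirm what the device actually is and whether it was ever reachable from the internet.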

Official resources

CVE published and modified on 2022-03-28 in the supplied record; CISA KEV also lists the vulnerability on 2022-03-28 with a remediation due date of 2022-04-18.