SonicWall SSLVPN SMA100 SQL Injection Vulnerability

What it is

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

Known to be used in ransomware campaigns.Active threat actors have chained this vulnerability into ransomware operations — treat patching as a same-week priority, not a "next maintenance window" task. The coping action is the same one below; the urgency is higher.

Who's affected

Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.

What to do

Apply updates per vendor instructions.

CISA action deadline: November 17, 2021. Federal agencies must complete the required action by this date. For private SMBs the deadline is advisory — but treat it as a strong recommendation, especially if you handle regulated data (HIPAA, GLBA, ABA model rules).

If you don't have someone in-house to verify the patch deployed across every endpoint — or you're not sure whether you're affected — that's exactly the kind of triage we do. Book a free 20-minute triage call.

Source

Pulled daily from the public cisagov/kev-data mirror (CC0). View the original entry on cisa.gov. CISA KEV is US-Government public-domain data; we add the SMB-vertical framing and the coping action above.

← All SMB-relevant KEV entries