Home / Threat Intelligence bulletins / SonicWall Patches Critical Vulnerability


SonicWall have patched a vulnerability in SMA 100 series VPNs.

The vulnerability (CVE-2021-20034) is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody.’


A remote, unauthenticated attacker could delete files from a SMA 100 series appliance and potentially gain administrator access to the device.

Vulnerability Detection

Not detected by Nessus or Qualys at this time.

Affected Products

SMA 100 Series (SMA 200, 210, 400, 410, 500v)

  • and earlier
  • and earlier
  • and earlier

Containment, Mitigations & Remediations

No temporary mitigations. SonicWall urges customers to patch as soon as possible.

Indicators of Compromise

No evidence of active exploitation.

Threat Landscape

VPN appliances are a popular target for ransomware groups as they grant access to the internal network as well as being a source of user credentials.

Mitre Methodologies

T1190 – Exploit Public-Facing Application

Further Information

Security Notice: Critical Arbitrary File Delete Vulnerability In SonicWall SMA 100 Series Appliances