SonicWall Secure Mobile Access (SMA) Vulnerability | September 2021

Threat actors are exploiting a critical vulnerability, CVE-2021-20034, in Sonicwall's Secure Mobile Access SMA100 appliances. Here's what you need to know.


On September 24, 2021, SonicWall issued an alert advising their SMA100 customers of a critical vulnerability, CVE-2021-20034. The vulnerability could allow a remote threat actor to delete an arbitrary file that results in factory reset of the device and settings.

Quick facts: what you need to know now

  • Impacted devices include SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v.
  • The vulnerability could lead to a threat actor resetting the device and gaining administrative access to the device.
  • The administrative access can lead to remote access to your environment or changes to configuration settings of the device.

Next Steps for All SonicWall Secure Mobile Access (SMA) Customers:

  1. Immediately patch the device to the latest version. 
    1. Here’s additional guidance from SonicWall on how to upgrade. 
  2. If the device was factory reset, it could indicate exploitation. 
    1. If you find any suspicious activity, immediately notify Corvus of a potential claim via the email or hotline listed on your policy.  We will then connect you to counsel and a forensics firm to ensure your organization properly investigates, mitigates, and responds to the threat.

If you have any questions, please reach to the Risk + Response Team at!