{"vulnerability": "CVE-2021-20028", "sightings": [{"uuid": "9381b94f-754f-4dea-842c-d914a6a9968a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "a64282ad-5eb4-4345-a331-c14d88e04bb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971481", "content": "", "creation_timestamp": "2024-12-24T20:29:57.084589Z"}, {"uuid": "3754ad5e-8266-41e0-9a1f-d5e919ff7f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-28)", "content": "", "creation_timestamp": "2024-12-28T00:00:00.000000Z"}, {"uuid": "ef6949bc-9e48-4774-b865-38a3db691b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "36dc9dfc-40e6-49b8-a1c5-bea8760cbff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-26)", "content": "", "creation_timestamp": "2024-12-26T00:00:00.000000Z"}, {"uuid": "99da93ef-e2b6-49cb-bab8-6821b828422f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-14)", "content": "", "creation_timestamp": "2025-01-14T00:00:00.000000Z"}, {"uuid": "2c5aed7a-1e49-4e7c-a176-6d476ed92c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-31)", "content": "", "creation_timestamp": "2025-05-31T00:00:00.000000Z"}, {"uuid": "0b7c0b71-d3bc-425b-8418-70f452fbfa35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-14)", "content": "", "creation_timestamp": "2025-02-14T00:00:00.000000Z"}, {"uuid": "8155ae8d-c0a0-4075-bc38-e66e0abc7cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:28.000000Z"}, {"uuid": "cbc843af-e380-4518-b145-818278f31b71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-19)", "content": "", "creation_timestamp": "2025-08-19T00:00:00.000000Z"}, {"uuid": "f9a753d0-f447-429d-903f-4f0be573a649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-16)", "content": "", "creation_timestamp": "2025-12-16T00:00:00.000000Z"}, {"uuid": "19297710-e957-4e77-a21c-95f20e6b5f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-30)", "content": "", "creation_timestamp": "2025-09-30T00:00:00.000000Z"}, {"uuid": "72902f8d-e776-428f-a054-f02a0c05c66e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-30)", "content": "", "creation_timestamp": "2025-08-30T00:00:00.000000Z"}, {"uuid": "afa04b58-37b9-466d-b76c-ae19fdc79583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/379199fc-7758-4b6d-ad81-d800954cb401", "content": "", "creation_timestamp": "2026-02-02T12:27:55.568695Z"}, {"uuid": "a0c376bf-d91e-4d8e-8a9e-d7fe03144b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-18)", "content": "", "creation_timestamp": "2025-12-18T00:00:00.000000Z"}, {"uuid": "e44a6bd3-854c-43b6-8485-b151d4f9b573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-24)", "content": "", "creation_timestamp": "2026-02-24T00:00:00.000000Z"}, {"uuid": "53a3442a-a9de-4331-8448-f13b57b64fa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "https://t.me/cibsecurity/26843", "content": "\u203c CVE-2021-20028 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T23:23:38.000000Z"}, {"uuid": "f6502e34-ff61-46a5-bf82-3a1b05efeee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-13)", "content": "", "creation_timestamp": "2026-04-13T00:00:00.000000Z"}, {"uuid": "c9e9a92b-f195-4276-850d-9b640be84954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-05)", "content": "", "creation_timestamp": "2026-04-05T00:00:00.000000Z"}, {"uuid": "4adc9470-0a57-4a63-b3aa-042c19501246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "https://t.me/breachdetector/45993", "content": "\u26a0 Detectada filtraci\u00f3n \u26a0\n{\n  \"site\": \"RaidForums\",\n  \"Threat Actor\": \"WICK1\",\n  \"Content\": \"SonicWall SSL-VPN Exploit (CVE-2021-20028)\u201d,\n  \"Detection Date\": \u201c13 Feb 2022 11:44\u201d,\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-02-13T11:48:22.000000Z"}, {"uuid": "6befb8d4-fe66-43a3-becf-4eda956d4482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "https://t.me/club31337/873", "content": "SonicWall SSLVPN SQLi CVE-2021-20028 exploit code publicized by wazawaka aka boriselcin aka Orange (from RAMP) aka Mikhail Pavlovich Matveev", "creation_timestamp": "2024-11-09T02:12:00.000000Z"}, {"uuid": "45f34ed1-43ce-464a-9979-c607a2c8db2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "published-proof-of-concept", "source": "https://t.me/arvin_club/5154", "content": "\u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2021-20028 \u062f\u0631 \u0648\u06cc \u067e\u06cc \u0627\u0646 \u0634\u0631\u06a9\u062a\u06cc sonicwall \u06a9\u0647 \u062f\u0631 \u0641\u0631\u0648\u0645 Ramp \u0641\u0631\u0648\u062e\u062a\u0647 \u0645\u06cc\u0634\u062f \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\nhttps://twitter.com/vxunderground/status/1486074974486020105?s=20", "creation_timestamp": "2022-01-26T18:54:27.000000Z"}, {"uuid": "bfedc75b-89ac-4db2-86bd-676c44d87ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}, {"uuid": "ac3069bd-e757-4d09-9d58-a465c72238f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20028", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}]}