A critical vulnerability, tracked as CVE-2021-20019, in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The vulnerability can be exploited by an unauthenticated HTTP request involving a custom protocol handler. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. SonicWall completely fixed the issue in an update rolled out to SonicOS on June 22. Experts are not aware of attacks in the wild exploiting the flaw.”]
Source: https://securityaffairs.co/wordpress/119269/security/sonicwall-vpn-unpatched-flaw.html