Vulnerabilities related to sonicwall - sma400
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
sonicwall | sma_100_firmware | * | |
sonicwall | sma_100_firmware | 10.2.0.8-37sv | |
sonicwall | sma_100_firmware | 10.2.1.2-24sv | |
sonicwall | sma100 | - | |
sonicwall | sma_200_firmware | * | |
sonicwall | sma_200_firmware | 10.2.0.8-37sv | |
sonicwall | sma_200_firmware | 10.2.1.2-24sv | |
sonicwall | sma200 | - | |
sonicwall | sma_210_firmware | * | |
sonicwall | sma_210_firmware | 10.2.0.8-37sv | |
sonicwall | sma_210_firmware | 10.2.1.2-24sv | |
sonicwall | sma210 | - | |
sonicwall | sma_400_firmware | * | |
sonicwall | sma_400_firmware | 10.2.0.8-37sv | |
sonicwall | sma_400_firmware | 10.2.1.2-24sv | |
sonicwall | sma400 | - | |
sonicwall | sma_410_firmware | * | |
sonicwall | sma_410_firmware | 10.2.0.8-37sv | |
sonicwall | sma_410_firmware | 10.2.1.2-24sv | |
sonicwall | sma410 | - | |
sonicwall | sma_500v_firmware | * | |
sonicwall | sma_500v_firmware | 10.2.0.8-37sv | |
sonicwall | sma_500v_firmware | 10.2.1.2-24sv | |
sonicwall | sma500v | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1A02AA5-1A61-429B-B0B3-898636C4B563", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "87A26093-E966-4EBA-AA58-2C98499B9165", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", matchCriteriaId: "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "4185C028-6A07-4A92-8380-9AA3953D2CFD", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "01134E66-F1FD-477B-AD44-FDEE8368BE18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*", matchCriteriaId: "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F4892669-DD8A-4A28-B6AA-632A8DA861AC", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "E62EEC93-6F52-4DDB-95F0-D5736391D64C", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", 
matchCriteriaId: "B38AAB98-7668-4F34-8D5F-9933422F12DD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*", matchCriteriaId: "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9AC3454-D403-4989-81F3-9DD7608967AA", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "9BE21589-3BEC-4245-9939-CF50DE70B12A", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "54946A90-09AC-4387-BACB-883AE70FD5A7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*", matchCriteriaId: "8A0EF9C5-685E-49A4-ABFE-302781111753", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "42AE0158-515A-4565-B814-27AEAD941304", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*", matchCriteriaId: "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"4AE054F5-87E5-4DF5-9CD8-BF39428A092F", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "379F7CA2-8914-4710-AE6B-D2833605D4B8", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "9395563D-9071-4CE2-BAEA-D6854F4AD961", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*", matchCriteriaId: "8FF52AAE-592C-4472-866C-7776ADBA5E93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.", }, { lang: "es", value: "Una vulnerabilidad de control de acceso inapropiado en la serie SMA100 conlleva a que varias API de administración restringidas sean accesibles sin un inicio de sesión de usuario, exponiendo potencialmente los metadatos de configuración", }, ], id: "CVE-2021-20050", lastModified: "2024-11-21T05:45:51.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: 
"NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T02:15:06.637", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
sonicwall | sma_100_firmware | * | |
sonicwall | sma_100_firmware | 10.2.0.8-37sv | |
sonicwall | sma_100_firmware | 10.2.1.2-24sv | |
sonicwall | sma100 | - | |
sonicwall | sma_200_firmware | * | |
sonicwall | sma_200_firmware | 10.2.0.8-37sv | |
sonicwall | sma_200_firmware | 10.2.1.2-24sv | |
sonicwall | sma200 | - | |
sonicwall | sma_210_firmware | * | |
sonicwall | sma_210_firmware | 10.2.0.8-37sv | |
sonicwall | sma_210_firmware | 10.2.1.2-24sv | |
sonicwall | sma210 | - | |
sonicwall | sma_400_firmware | * | |
sonicwall | sma_400_firmware | 10.2.0.8-37sv | |
sonicwall | sma_400_firmware | 10.2.1.2-24sv | |
sonicwall | sma400 | - | |
sonicwall | sma_410_firmware | * | |
sonicwall | sma_410_firmware | 10.2.0.8-37sv | |
sonicwall | sma_410_firmware | 10.2.1.2-24sv | |
sonicwall | sma410 | - | |
sonicwall | sma_500v_firmware | * | |
sonicwall | sma_500v_firmware | 10.2.0.8-37sv | |
sonicwall | sma_500v_firmware | 10.2.1.2-24sv | |
sonicwall | sma500v | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1A02AA5-1A61-429B-B0B3-898636C4B563", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "87A26093-E966-4EBA-AA58-2C98499B9165", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", matchCriteriaId: "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "4185C028-6A07-4A92-8380-9AA3953D2CFD", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "01134E66-F1FD-477B-AD44-FDEE8368BE18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*", matchCriteriaId: "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F4892669-DD8A-4A28-B6AA-632A8DA861AC", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "E62EEC93-6F52-4DDB-95F0-D5736391D64C", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", 
matchCriteriaId: "B38AAB98-7668-4F34-8D5F-9933422F12DD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*", matchCriteriaId: "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9AC3454-D403-4989-81F3-9DD7608967AA", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "9BE21589-3BEC-4245-9939-CF50DE70B12A", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "54946A90-09AC-4387-BACB-883AE70FD5A7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*", matchCriteriaId: "8A0EF9C5-685E-49A4-ABFE-302781111753", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "42AE0158-515A-4565-B814-27AEAD941304", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*", matchCriteriaId: "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"4AE054F5-87E5-4DF5-9CD8-BF39428A092F", versionEndExcluding: "10.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", matchCriteriaId: "379F7CA2-8914-4710-AE6B-D2833605D4B8", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", matchCriteriaId: "9395563D-9071-4CE2-BAEA-D6854F4AD961", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*", matchCriteriaId: "8FF52AAE-592C-4472-866C-7776ADBA5E93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.", }, { lang: "es", value: "Una vulnerabilidad en la API de cambio de contraseña de SonicWall SMA100, permite a un atacante remoto no autenticado llevar a cabo una enumeración de nombres de usuario de SMA100 basándose en las respuestas del servidor. 
Esta vulnerabilidad afecta a las versiones 10.2.1.2-24sv, 10.2.0.8-37sv y versiones anteriores 10.x", }, ], id: "CVE-2021-20049", lastModified: "2024-11-21T05:45:51.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T02:15:06.583", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-204", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-20049
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | SonicWall | SonicWall SMA100 |
Version: 10.2.0.8-37sv and earlier Version: 10.2.1.2-24sv and earlier |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.418Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SonicWall SMA100", vendor: "SonicWall", versions: [ { status: "affected", version: "10.2.0.8-37sv and earlier", }, { status: "affected", version: "10.2.1.2-24sv and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-204", description: "CWE-204: Observable Response Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T01:20:09", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT@sonicwall.com", ID: "CVE-2021-20049", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SonicWall SMA100", version: { version_data: [ { version_value: "10.2.0.8-37sv and earlier", }, { version_value: "10.2.1.2-24sv and earlier", }, ], }, }, ], }, vendor_name: "SonicWall", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. 
This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-204: Observable Response Discrepancy", }, ], }, ], }, references: { reference_data: [ { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2021-20049", datePublished: "2021-12-23T01:20:09", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20050
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | SonicWall | SonicWall SMA100 |
Version: 10.2.0.8-37sv and earlier Version: 10.2.1.2-24sv and earlier |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SonicWall SMA100", vendor: "SonicWall", versions: [ { status: "affected", version: "10.2.0.8-37sv and earlier", }, { status: "affected", version: "10.2.1.2-24sv and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T01:20:11", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT@sonicwall.com", ID: "CVE-2021-20050", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SonicWall SMA100", version: { version_data: [ { version_value: "10.2.0.8-37sv and earlier", }, { version_value: "10.2.1.2-24sv and earlier", }, ], }, }, ], }, vendor_name: "SonicWall", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284: Improper 
Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2021-20050", datePublished: "2021-12-23T01:20:11", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202312-2070
Vulnerability from variot
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to an OS command injection vulnerability. Multiple SonicWALL products, including SMA200, SMA210 and SMA400 firmware, contain this OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below lists SMA 200, 210, 400, 410 and 500v firmware up to and including 10.2.1.9-57sv as affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2070", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 410", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 500v", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 200", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 400", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 210", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma500v", scope: null, 
trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, { db: "NVD", id: "CVE-2023-44221", }, ], }, cve: "CVE-2023-44221", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44221", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", 
version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44221", trust: 1.8, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, { db: "NVD", id: "CVE-2023-44221", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-44221", }, { db: "JVNDB", id: "JVNDB-2023-019954", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44221", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2023-019954", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, { db: "NVD", id: "CVE-2023-44221", }, ], }, id: "VAR-202312-2070", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2024-01-18T22:39:24.800000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, { db: "NVD", id: "CVE-2023-44221", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44221", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, { db: "NVD", id: "CVE-2023-44221", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, { db: "NVD", id: "CVE-2023-44221", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-15T00:00:00", db: "JVNDB", id: "JVNDB-2023-019954", }, { date: "2023-12-05T21:15:07.150000", db: "NVD", id: "CVE-2023-44221", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-15T05:59:00", db: "JVNDB", id: "JVNDB-2023-019954", }, { date: "2023-12-13T15:33:56.183000", db: "NVD", id: "CVE-2023-44221", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL In the product OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2023-019954", }, ], trust: 0.8, }, }
var-202208-2082
Vulnerability from variot
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. Multiple SonicWALL products, including SMA200, SMA210 and SMA400 firmware, contain this vulnerability, which is related to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-2082", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 400", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.5-34sv", }, { model: "sma 200", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.5-34sv", }, { model: "sma 500v", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.5-34sv", }, { model: 
"sma 210", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.5-34sv", }, { model: "sma 410", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.5-34sv", }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "NVD", id: "CVE-2022-2915", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.2.1.5-34sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.2.1.5-34sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.2.1.5-34sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { 
cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.2.1.5-34sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.2.1.5-34sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-2915", }, ], }, cve: "CVE-2022-2915", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, 
userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-2915", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-2915", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202208-4247", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "NVD", id: "CVE-2022-2915", }, { db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-2915", }, { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "VULMON", id: "CVE-2022-2915", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-2915", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-015995", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202208-4247", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-2915", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-2915", }, { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "NVD", id: "CVE-2022-2915", }, { db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, id: "VAR-202208-2082", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T13:46:28.308000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SonicWALL SMA100 Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=207790", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "NVD", id: "CVE-2022-2915", }, ], 
}, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0019", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-2915", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-2915/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-2915", }, { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "NVD", id: "CVE-2022-2915", }, { db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-2915", }, { db: "JVNDB", id: "JVNDB-2022-015995", }, { db: "NVD", id: "CVE-2022-2915", }, { db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-08-26T00:00:00", db: "VULMON", id: "CVE-2022-2915", }, { date: "2023-09-29T00:00:00", db: "JVNDB", id: "JVNDB-2022-015995", }, { date: "2022-08-26T21:15:08.867000", db: "NVD", id: "CVE-2022-2915", }, { date: "2022-08-26T00:00:00", db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-08-27T00:00:00", db: "VULMON", id: "CVE-2022-2915", }, { date: "2023-09-29T08:07:00", db: "JVNDB", id: "JVNDB-2022-015995", }, { date: "2022-09-01T19:27:14.893000", db: "NVD", id: "CVE-2022-2915", }, { date: "2022-09-15T00:00:00", db: "CNNVD", id: "CNNVD-202208-4247", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202208-4247", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Out-of-bounds write vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2022-015995", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202208-4247", }, ], trust: 0.6, }, }
var-202112-0361
Vulnerability from variot
A stack-based buffer overflow vulnerability in the handling of environment variables by the mod_cgi module of the SMA100 Apache httpd server allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user on the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliance firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. Multiple SonicWALL appliances contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The vendor advisory referenced by this record is SNWLID-2021-0026.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0361", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: 
"sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "NVD", id: "CVE-2021-20038", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, 
{ cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20038", }, ], }, cve: "CVE-2021-20038", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: 
false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20038", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20038", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20038", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202112-557", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2021-20038", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-20038", }, { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "NVD", id: "CVE-2021-20038", }, { db: "CNNVD", id: "CNNVD-202112-557", }, ], }, description: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-20038", }, { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "VULMON", id: "CVE-2021-20038", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20038", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016109", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-557", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-20038", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-20038", }, { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "NVD", id: "CVE-2021-20038", }, { db: "CNNVD", id: "CNNVD-202112-557", }, ], }, id: "VAR-202112-0361", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.510000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, 
sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "Sonicwall SMA100 Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174193", }, { title: "", trust: 0.1, url: "https://github.com/exploitpwner/cve-2021-20038-mass-rce-sonicwall ", }, { title: "nmap-scripts", trust: 0.1, url: "https://github.com/s3ntinelx/nmap-scripts ", }, { title: "", trust: 0.1, url: "https://github.com/xmassnowreal/cve-2021-20038-mass-rce ", }, { title: "", trust: 0.1, url: "https://github.com/exploitpwner/cve-2021-20038-mass-rce ", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/attackers-now-actively-targeting-critical-sonicwall-rce-bug/", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2022/01/11/sonicwall_multiple_vulns/", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/critical-sonicwall-vpn-bugs-appliance-takeover/176869/", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20038", }, { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "CNNVD", id: "CNNVD-202112-557", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "NVD", id: "CVE-2021-20038", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/", }, { trust: 1.7, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.7, url: "https://github.com/jbaines-r7/badblood", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20038", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://github.com/exploitpwner/cve-2021-20038-mass-rce-sonicwall", }, { trust: 0.1, url: "https://github.com/s3ntinelx/nmap-scripts", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20038", }, { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "NVD", id: "CVE-2021-20038", }, { db: "CNNVD", id: "CNNVD-202112-557", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-20038", }, { db: "JVNDB", id: "JVNDB-2021-016109", }, { db: "NVD", id: "CVE-2021-20038", }, { db: "CNNVD", id: "CNNVD-202112-557", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-08T00:00:00", db: "VULMON", id: "CVE-2021-20038", }, { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016109", }, { date: "2021-12-08T10:15:07.750000", db: "NVD", id: "CVE-2021-20038", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-557", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-13T00:00:00", db: 
"VULMON", id: "CVE-2021-20038", }, { date: "2022-12-06T09:05:00", db: "JVNDB", id: "JVNDB-2021-016109", }, { date: "2022-05-13T14:54:32.797000", db: "NVD", id: "CVE-2021-20038", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202112-557", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-557", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Appliance out-of-bounds write vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-016109", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202112-557", }, ], trust: 0.6, }, }
var-202312-0929
Vulnerability from variot
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. Multiple SonicWALL products, including SMA200, SMA210 and SMA400 firmware, contain an authentication vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The record below lists firmware 10.2.1.9-57sv and earlier as affected; the vendor advisory it references is SNWLID-2023-0018.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0929", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 410", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 500v", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 200", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 400", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma 210", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.2.1.9-57sv", }, { model: "sma500v", scope: null, 
trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, { db: "NVD", id: "CVE-2023-5970", }, ], }, cve: "CVE-2023-5970", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-5970", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-5970", trust: 1.8, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, { db: "NVD", id: "CVE-2023-5970", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-5970", }, { db: "JVNDB", id: "JVNDB-2023-019948", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-5970", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2023-019948", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, { db: "NVD", id: "CVE-2023-5970", }, ], }, id: "VAR-202312-0929", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2024-01-18T22:45:26.954000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1, }, { 
problemtype: "Inappropriate authentication (CWE-287) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, { db: "NVD", id: "CVE-2023-5970", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-5970", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, { db: "NVD", id: "CVE-2023-5970", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, { db: "NVD", id: "CVE-2023-5970", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-15T00:00:00", db: "JVNDB", id: "JVNDB-2023-019948", }, { date: "2023-12-05T21:15:07.667000", db: "NVD", id: "CVE-2023-5970", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-15T05:57:00", db: "JVNDB", id: "JVNDB-2023-019948", }, { date: "2023-12-13T15:32:02.247000", db: "NVD", id: "CVE-2023-5970", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Product certification vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2023-019948", }, ], trust: 0.8, }, }
var-202203-0661
Vulnerability from variot
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. Multiple SonicWALL products (SMA200 firmware, SMA210 firmware, SMA400 firmware, etc.) contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0661", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sra 4600", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.5-19sv", }, { model: "sma 200", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.9-26sv", }, { model: "sra 1600", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.5-19sv", }, { model: 
"sma 210", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.9-26sv", }, { model: "sra 4200", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.5-19sv", }, { model: "sra 1200", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.5-19sv", }, { model: "sma 500v", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.9-26sv", }, { model: "sma 400", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.9-26sv", }, { model: "sma 410", scope: "lte", trust: 1, vendor: "sonicwall", version: "9.0.0.9-26sv", }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sra 1600", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sra 4200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sra 4600", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sra 1200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "NVD", id: "CVE-2022-22273", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9-26sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9-26sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9-26sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9-26sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.9-26sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sra_4200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5-19sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sra_4200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], 
cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sra_4600_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5-19sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sra_4600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sra_1600_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5-19sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sra_1600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sra_1200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.0.5-19sv", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sra_1200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-22273", }, ], }, cve: "CVE-2022-22273", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, 
accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2022-22273", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-22273", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2022-22273", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202203-1558", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-22273", trust: 
0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2022-22273", }, { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "CNNVD", id: "CNNVD-202203-1558", }, { db: "NVD", id: "CVE-2022-22273", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-22273", }, { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "VULMON", id: "CVE-2022-22273", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-22273", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-007210", trust: 0.8, }, { db: "CS-HELP", id: "SB2022032427", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-1558", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-22273", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-22273", }, { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "CNNVD", id: "CNNVD-202203-1558", }, { db: "NVD", id: "CVE-2022-22273", }, ], }, id: "VAR-202203-0661", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2024-06-06T23:09:03.360000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SonicWall SSLVPN Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187035", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/alphabugx/cve-2022-23305 ", }, { title: "CVE-2022-XXXX", trust: 0.1, url: "https://github.com/alphabugx/cve-2022-rce ", }, ], sources: [ { db: "VULMON", id: "CVE-2022-22273", }, { db: "CNNVD", id: "CNNVD-202203-1558", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "NVD", id: "CVE-2022-22273", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0001", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22273", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-22273/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032427", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/alphabugx/cve-2022-23305", }, ], sources: [ { db: "VULMON", id: "CVE-2022-22273", }, { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "CNNVD", id: "CNNVD-202203-1558", }, { db: "NVD", id: "CVE-2022-22273", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-22273", }, { db: "JVNDB", id: "JVNDB-2022-007210", }, { db: "CNNVD", id: "CNNVD-202203-1558", }, { db: "NVD", id: "CVE-2022-22273", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-17T00:00:00", db: "VULMON", id: "CVE-2022-22273", }, { date: "2023-07-12T00:00:00", db: "JVNDB", id: "JVNDB-2022-007210", }, { date: "2022-03-17T00:00:00", db: "CNNVD", id: "CNNVD-202203-1558", }, { date: "2022-03-17T02:15:06.567000", db: "NVD", id: "CVE-2022-22273", }, ], }, sources_update_date: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2022-22273", }, { date: "2023-07-12T08:29:00", db: "JVNDB", id: "JVNDB-2022-007210", }, { date: "2022-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202203-1558", }, { date: "2024-06-05T19:15:10.840000", db: "NVD", id: "CVE-2022-22273", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202203-1558", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL In the product OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-007210", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202203-1558", }, ], trust: 0.6, }, }
var-202112-0426
Vulnerability from variot
A heap-based buffer overflow vulnerability in the SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0426", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: 
"sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, { db: "NVD", id: "CVE-2021-20043", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20043", }, ], }, cve: "CVE-2021-20043", cvss: { "@context": { cvssV2: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20043", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: 
"3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20043", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20043", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-552", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, { db: "NVD", id: "CVE-2021-20043", }, { db: "CNNVD", id: "CNNVD-202112-552", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-20043", }, { db: "JVNDB", id: "JVNDB-2021-016104", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20043", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-016104", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-552", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, { db: "NVD", id: "CVE-2021-20043", }, { db: "CNNVD", id: "CNNVD-202112-552", }, ], }, id: "VAR-202112-0426", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.490000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "Sonicwall SMA100 Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174192", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, { db: "CNNVD", id: "CNNVD-202112-552", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: 
"JVNDB", id: "JVNDB-2021-016104", }, { db: "NVD", id: "CVE-2021-20043", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20043", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, { db: "NVD", id: "CVE-2021-20043", }, { db: "CNNVD", id: "CNNVD-202112-552", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, { db: "NVD", id: "CVE-2021-20043", }, { db: "CNNVD", id: "CNNVD-202112-552", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016104", }, { date: "2021-12-08T10:15:08.100000", db: "NVD", id: "CVE-2021-20043", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-552", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T08:31:00", db: "JVNDB", id: "JVNDB-2021-016104", }, { date: "2021-12-10T18:19:14.460000", db: "NVD", id: "CVE-2021-20043", }, { date: "2021-12-15T00:00:00", db: "CNNVD", id: "CNNVD-202112-552", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-552", }, ], trust: 0.6, }, title: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Appliance out-of-bounds write vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-016104", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202112-552", }, ], trust: 0.6, }, }
var-202102-0898
Vulnerability from variot
A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL queries to access username, password and other session-related information. This vulnerability impacts SMA100 build version 10.x; the configuration data in this record bounds the affected firmware as 10.0.0.0 up to, but not including, 10.2.0.5-d-29sv. The SonicWall SSLVPN SMA100 product contains an SQL injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. SonicWall SMA100 is a secure access gateway device from the American company SonicWall.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0898", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 100", scope: "gte", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: null, }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: null, }, { model: "sma 210", scope: "eq", 
trust: 1, vendor: "sonicwall", version: null, }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: null, }, { model: "sma 100", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.2.0.5-d-29sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma100", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "NVD", id: "CVE-2021-20016", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2.0.5-d-29sv", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: 
[], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20016", }, ], }, cve: "CVE-2021-20016", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", 
accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20016", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-377635", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20016", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", 
trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20016", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202102-394", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-377635", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-20016", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-377635", }, { db: "VULMON", id: "CVE-2021-20016", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "NVD", id: "CVE-2021-20016", }, { db: "CNNVD", id: "CNNVD-202102-394", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. 
Sonicwall SMA100 is a security access gateway device of American Sonicwall Company", sources: [ { db: "NVD", id: "CVE-2021-20016", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "VULHUB", id: "VHN-377635", }, { db: "VULMON", id: "CVE-2021-20016", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20016", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2021-003143", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202102-394", trust: 0.7, }, { db: "VULHUB", id: "VHN-377635", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-20016", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-377635", }, { db: "VULMON", id: "CVE-2021-20016", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "NVD", id: "CVE-2021-20016", }, { db: "CNNVD", id: "CNNVD-202102-394", }, ], }, id: "VAR-202102-0898", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-377635", }, ], trust: 0.882169116, }, last_update_date: "2023-12-18T12:55:42.671000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0001", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001", }, { title: "Sonicwall SMA100 SQL Repair measures for injecting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141126", }, { title: "Fireeye Threat Research", trust: 0.1, url: "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html", }, { title: 
"Fireeye Threat Research", trust: 0.1, url: "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20016", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "CNNVD", id: "CNNVD-202102-394", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-89", trust: 1.1, }, { problemtype: "SQL injection (CWE-89) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-377635", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "NVD", id: "CVE-2021-20016", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20016", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/89.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html", }, ], sources: [ { db: "VULHUB", id: "VHN-377635", }, { db: "VULMON", id: "CVE-2021-20016", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "NVD", id: "CVE-2021-20016", }, { db: "CNNVD", id: "CNNVD-202102-394", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-377635", }, { db: "VULMON", id: "CVE-2021-20016", }, { db: "JVNDB", id: "JVNDB-2021-003143", }, { db: "NVD", id: "CVE-2021-20016", }, { db: "CNNVD", id: "CNNVD-202102-394", }, 
], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-04T00:00:00", db: "VULHUB", id: "VHN-377635", }, { date: "2021-02-04T00:00:00", db: "VULMON", id: "CVE-2021-20016", }, { date: "2021-10-19T00:00:00", db: "JVNDB", id: "JVNDB-2021-003143", }, { date: "2021-02-04T06:15:13.817000", db: "NVD", id: "CVE-2021-20016", }, { date: "2021-02-04T00:00:00", db: "CNNVD", id: "CNNVD-202102-394", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-08T00:00:00", db: "VULHUB", id: "VHN-377635", }, { date: "2021-02-08T00:00:00", db: "VULMON", id: "CVE-2021-20016", }, { date: "2021-10-19T07:03:00", db: "JVNDB", id: "JVNDB-2021-003143", }, { date: "2021-02-08T14:40:46.170000", db: "NVD", id: "CVE-2021-20016", }, { date: "2021-02-09T00:00:00", db: "CNNVD", id: "CNNVD-202102-394", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202102-394", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SonicWall SSLVPN SMA100 In the product SQL Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-003143", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SQL injection", sources: [ { db: "CNNVD", id: "CNNVD-202102-394", }, ], trust: 0.6, }, }
var-202112-0730
Vulnerability from variot
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary (an undetectable proxy) to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWall appliances contain an externally controlled reference to a resource in another sphere (CWE-610). Information may be obtained or tampered with, and service operation may be interrupted (DoS). SonicWall SMA100 is a secure access gateway device from SonicWall, a company in the United States.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0730", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma200", scope: null, trust: 1.4, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 1.4, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 1.4, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 
1.4, vendor: "sonicwall", version: null, }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma100", scope: null, trust: 0.6, vendor: "sonicwall", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "NVD", id: "CVE-2021-20042", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { 
CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20042", }, ], }, cve: "CVE-2021-20042", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 
10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20042", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2022-08929", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20042", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: 
"CVE-2021-20042", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-08929", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-553", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "NVD", id: "CVE-2021-20042", }, { db: "CNNVD", id: "CNNVD-202112-553", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an external controllable reference vulnerability to other space resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 
Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States", sources: [ { db: "NVD", id: "CVE-2021-20042", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "CNVD", id: "CNVD-2022-08929", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20042", trust: 3.8, }, { db: "JVNDB", id: "JVNDB-2021-016105", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-08929", trust: 0.6, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-553", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "NVD", id: "CVE-2021-20042", }, { db: "CNNVD", id: "CNNVD-202112-553", }, ], }, id: "VAR-202112-0730", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, ], trust: 1.382169116, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, ], }, last_update_date: "2023-12-18T11:56:55.384000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "Patch for Unknown 
Vulnerability in SonicWall SMA100", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/318166", }, { title: "SonicWall SMA100 Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=173994", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "CNNVD", id: "CNNVD-202112-553", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "NVD", id: "CVE-2021-20042", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20042", }, { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08929", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "NVD", id: "CVE-2021-20042", }, { db: "CNNVD", id: "CNNVD-202112-553", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-08929", }, { db: "JVNDB", id: "JVNDB-2021-016105", }, { db: "NVD", id: "CVE-2021-20042", }, { db: "CNNVD", id: "CNNVD-202112-553", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-09T00:00:00", db: "CNVD", id: 
"CNVD-2022-08929", }, { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016105", }, { date: "2021-12-08T10:15:08.053000", db: "NVD", id: "CVE-2021-20042", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-553", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-09T00:00:00", db: "CNVD", id: "CNVD-2022-08929", }, { date: "2022-12-06T08:36:00", db: "JVNDB", id: "JVNDB-2021-016105", }, { date: "2023-06-26T19:15:03.807000", db: "NVD", id: "CVE-2021-20042", }, { date: "2023-06-27T00:00:00", db: "CNNVD", id: "CNNVD-202112-553", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-553", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Vulnerability related to external controllable references to other space resources in appliances", sources: [ { db: "JVNDB", id: "JVNDB-2021-016105", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-553", }, ], trust: 0.6, }, }
var-202112-0424
Vulnerability from variot
A buffer overflow vulnerability in the SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0424", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: 
"sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, { db: "NVD", id: "CVE-2021-20045", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20045", }, ], }, cve: "CVE-2021-20045", cvss: { "@context": { cvssV2: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20045", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: 
"3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20045", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20045", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202112-550", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, { db: "NVD", id: "CVE-2021-20045", }, { db: "CNNVD", id: "CNNVD-202112-550", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-20045", }, { db: "JVNDB", id: "JVNDB-2021-016101", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20045", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-016101", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-550", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, { db: "NVD", id: "CVE-2021-20045", }, { db: "CNNVD", id: "CNNVD-202112-550", }, ], }, id: "VAR-202112-0424", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.533000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "SonicWall SMA100 Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173991", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, { db: "CNNVD", id: "CNNVD-202112-550", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: 
"JVNDB", id: "JVNDB-2021-016101", }, { db: "NVD", id: "CVE-2021-20045", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20045", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, { db: "NVD", id: "CVE-2021-20045", }, { db: "CNNVD", id: "CNNVD-202112-550", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, { db: "NVD", id: "CVE-2021-20045", }, { db: "CNNVD", id: "CNNVD-202112-550", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016101", }, { date: "2021-12-08T10:15:08.200000", db: "NVD", id: "CVE-2021-20045", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-550", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T07:59:00", db: "JVNDB", id: "JVNDB-2021-016101", }, { date: "2021-12-10T18:04:37.307000", db: "NVD", id: "CVE-2021-20045", }, { date: "2021-12-15T00:00:00", db: "CNNVD", id: "CNNVD-202112-550", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-550", }, ], trust: 0.6, }, title: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Appliance Classic Buffer Overflow Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-016101", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-550", }, ], trust: 0.6, }, }
var-202112-0731
Vulnerability from variot
An unauthenticated remote adversary can consume all of the device's CPU by sending crafted HTTP requests to SMA100 /fileshare/sonicfiles/sonicfiles, resulting in a loop with an unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an infinite loop vulnerability. Service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0731", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: 
"sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "NVD", id: "CVE-2021-20041", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_200_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, 
{ cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20041", }, ], }, cve: "CVE-2021-20041", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.8, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-20041", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-20041", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20041", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-554", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "NVD", id: "CVE-2021-20041", }, { db: "CNNVD", id: "CNNVD-202112-554", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An unauthenticated and 
remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-20041", }, { db: "JVNDB", id: "JVNDB-2021-016106", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20041", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-016106", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-554", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "NVD", id: "CVE-2021-20041", }, { db: "CNNVD", id: "CNNVD-202112-554", }, ], }, id: "VAR-202112-0731", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.428000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "SonicWall SMA100 Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174396", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "CNNVD", id: "CNNVD-202112-554", }, ], }, 
problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-835", trust: 1, }, { problemtype: "infinite loop (CWE-835) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "NVD", id: "CVE-2021-20041", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20041", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "NVD", id: "CVE-2021-20041", }, { db: "CNNVD", id: "CNNVD-202112-554", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, { db: "NVD", id: "CVE-2021-20041", }, { db: "CNNVD", id: "CNNVD-202112-554", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016106", }, { date: "2021-12-08T10:15:08.003000", db: "NVD", id: "CVE-2021-20041", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-554", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T08:41:00", db: "JVNDB", id: "JVNDB-2021-016106", }, { date: "2021-12-10T21:59:54.930000", db: "NVD", id: "CVE-2021-20041", }, { date: "2021-12-15T00:00:00", db: "CNNVD", id: 
"CNNVD-202112-554", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-554", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Infinite loop vulnerability in appliances", sources: [ { db: "JVNDB", id: "JVNDB-2021-016106", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-554", }, ], trust: 0.6, }, }
var-202112-1591
Vulnerability from variot
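A vulnerability in the SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 contains an observable discrepancy vulnerability. Information may be obtained. SonicWall SMA100 is a secure access gateway device from SonicWall, a company based in the United States.
The SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames. Note that the configuration data in this record lists the two named builds plus firmware before 10.0.0.0, which does not literally cover "earlier 10.x versions"; CPE-based matching may therefore miss intermediate 10.x builds, so confirm the affected range against the vendor advisory.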
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1591", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma100", scope: null, trust: 1.4, vendor: "sonicwall", version: null, }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 410", 
scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 100", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 400", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 500v", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 100", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 200", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 210", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 100", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "NVD", id: "CVE-2021-20049", }, ], }, 
configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], 
sources: [ { db: "NVD", id: "CVE-2021-20049", }, ], }, cve: "CVE-2021-20049", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20049", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2022-06907", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, 
vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20049", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20049", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2022-06907", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202112-2137", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-20049", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "VULMON", id: "CVE-2021-20049", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "NVD", id: "CVE-2021-20049", }, { db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 Exists in observable mismatch vulnerabilities.Information may be obtained. 
Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States. \n\r\n\r\nThe SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames", sources: [ { db: "NVD", id: "CVE-2021-20049", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "CNVD", id: "CNVD-2022-06907", }, { db: "VULMON", id: "CVE-2021-20049", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20049", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2021-016940", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-06907", trust: 0.6, }, { db: "CS-HELP", id: "SB2021122102", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-2137", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-20049", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "VULMON", id: "CVE-2021-20049", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "NVD", id: "CVE-2021-20049", }, { db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, id: "VAR-202112-1591", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, ], trust: 1.382169116, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, ], }, last_update_date: "2023-12-18T13:22:38.779000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0030", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0030", }, { title: "Patch for SonicWall SMA100 Information Disclosure Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/316326", }, { title: "SonicWall SMA100 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177009", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-203", trust: 1, }, { problemtype: "Observable discrepancy (CWE-203) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "NVD", id: "CVE-2021-20049", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20049", }, { trust: 1.7, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0030", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021122102", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "VULMON", id: "CVE-2021-20049", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "NVD", id: "CVE-2021-20049", }, { db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", 
data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "VULMON", id: "CVE-2021-20049", }, { db: "JVNDB", id: "JVNDB-2021-016940", }, { db: "NVD", id: "CVE-2021-20049", }, { db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-26T00:00:00", db: "CNVD", id: "CNVD-2022-06907", }, { date: "2021-12-23T00:00:00", db: "VULMON", id: "CVE-2021-20049", }, { date: "2022-12-27T00:00:00", db: "JVNDB", id: "JVNDB-2021-016940", }, { date: "2021-12-23T02:15:06.583000", db: "NVD", id: "CVE-2021-20049", }, { date: "2021-12-21T00:00:00", db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-26T00:00:00", db: "CNVD", id: "CNVD-2022-06907", }, { date: "2022-01-04T00:00:00", db: "VULMON", id: "CVE-2021-20049", }, { date: "2022-12-27T04:44:00", db: "JVNDB", id: "JVNDB-2021-016940", }, { date: "2022-07-08T18:20:05.127000", db: "NVD", id: "CVE-2021-20049", }, { date: "2022-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202112-2137", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2137", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SonicWall SMA100 Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2022-06907", }, { db: "CNNVD", id: "CNNVD-202112-2137", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202112-2137", }, ], trust: 0.6, }, }
var-202110-1958
Vulnerability from variot
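An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. The SMA100 series has an unspecified vulnerability. Information may be obtained. Note: the patch and reference lists in this record include a low-trust (0.1) entry titled "CVE-2021-22005_PoC", whose CVE identifier differs from this record's CVE-2021-20050; it appears to be a mis-associated aggregator link rather than a fix or advisory for this issue, and the vendor advisory SNWLID-2021-0031 is the authoritative source.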
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1958", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 410", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 
500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 100", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 400", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 500v", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma 100", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 200", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 210", scope: "lt", trust: 1, vendor: "sonicwall", version: "10.0.0.0", }, { model: "sma 100", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.2-24sv", }, { model: "sma100", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "NVD", id: "CVE-2021-20050", }, ], }, configurations: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*", 
cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20050", }, 
], }, cve: "CVE-2021-20050", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-20050", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20050", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20050", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-2135", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "NVD", id: "CVE-2021-20050", }, { db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. 
SMA100 The series has an unspecified vulnerability.Information may be obtained", sources: [ { db: "NVD", id: "CVE-2021-20050", }, { db: "JVNDB", id: "JVNDB-2021-016938", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20050", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016938", trust: 0.8, }, { db: "CS-HELP", id: "SB2021122102", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-2135", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-20050", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-20050", }, { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "NVD", id: "CVE-2021-20050", }, { db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, id: "VAR-202110-1958", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.782169116, }, last_update_date: "2023-12-18T13:22:38.807000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0031", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0031", }, { title: "Sonicwall SMA100 Fixes for access control error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=177008", }, { title: "CVE-2021-22005_PoC", trust: 0.1, url: "https://github.com/redteamexp/cve-2021-22005_poc ", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20050", }, { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, problemtype_data: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "others (CWE-Other) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "NVD", id: "CVE-2021-20050", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0031", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20050", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021122102", }, { trust: 0.1, url: "https://github.com/redteamexp/cve-2021-22005_poc", }, ], sources: [ { db: "VULMON", id: "CVE-2021-20050", }, { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "NVD", id: "CVE-2021-20050", }, { db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-20050", }, { db: "JVNDB", id: "JVNDB-2021-016938", }, { db: "NVD", id: "CVE-2021-20050", }, { db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-27T00:00:00", db: "JVNDB", id: "JVNDB-2021-016938", }, { date: "2021-12-23T02:15:06.637000", db: "NVD", id: "CVE-2021-20050", }, { date: "2021-12-21T00:00:00", db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-27T04:40:00", db: "JVNDB", id: "JVNDB-2021-016938", 
}, { date: "2022-10-21T20:03:35.393000", db: "NVD", id: "CVE-2021-20050", }, { date: "2022-10-24T00:00:00", db: "CNNVD", id: "CNNVD-202112-2135", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2135", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SMA100 Vulnerability in series", sources: [ { db: "JVNDB", id: "JVNDB-2021-016938", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-2135", }, ], trust: 0.6, }, }
var-202112-0425
Vulnerability from variot
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. The appliance may also be put into a denial-of-service (DoS) state. The record's patch entries point to vendor advisory SNWLID-2021-0026.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0425", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: 
"sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "NVD", id: "CVE-2021-20044", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20044", }, ], }, cve: "CVE-2021-20044", cvss: { "@context": { cvssV2: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Complete", baseScore: 9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-20044", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: 
"3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20044", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20044", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-551", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "NVD", id: "CVE-2021-20044", }, { db: "CNNVD", id: "CNNVD-202112-551", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-20044", }, { db: "JVNDB", id: "JVNDB-2021-016103", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20044", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-016103", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-551", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "NVD", id: "CVE-2021-20044", }, { db: "CNNVD", id: "CNNVD-202112-551", }, ], }, id: "VAR-202112-0425", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.449000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "Sonicwall SMA100 Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173992", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "CNNVD", id: "CNNVD-202112-551", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 
0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "NVD", id: "CVE-2021-20044", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20044", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "NVD", id: "CVE-2021-20044", }, { db: "CNNVD", id: "CNNVD-202112-551", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, { db: "NVD", id: "CVE-2021-20044", }, { db: "CNNVD", id: "CNNVD-202112-551", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016103", }, { date: "2021-12-08T10:15:08.150000", db: "NVD", id: "CVE-2021-20044", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-551", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T08:14:00", db: "JVNDB", id: "JVNDB-2021-016103", }, { date: "2021-12-10T18:12:57.647000", db: "NVD", id: "CVE-2021-20044", }, { date: "2021-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202112-551", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-551", }, ], trust: 0.6, }, title: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL in the appliance OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-016103", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-551", }, ], trust: 0.6, }, }
var-202112-0732
Vulnerability from variot
A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain a path traversal vulnerability. Information may be tampered with. The record's patch entries point to vendor advisory SNWLID-2021-0026.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0732", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: 
"sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "NVD", id: "CVE-2021-20040", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20040", }, ], }, cve: "CVE-2021-20040", cvss: { "@context": { cvssV2: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-20040", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, { 
attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-20040", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20040", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-555", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "NVD", id: "CVE-2021-20040", }, { db: "CNNVD", id: "CNNVD-202112-555", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 
plural SonicWALL Appliance contains a path traversal vulnerability.Information may be tampered with", sources: [ { db: "NVD", id: "CVE-2021-20040", }, { db: "JVNDB", id: "JVNDB-2021-016107", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20040", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2021-016107", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-555", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "NVD", id: "CVE-2021-20040", }, { db: "CNNVD", id: "CNNVD-202112-555", }, ], }, id: "VAR-202112-0732", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.409000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "Sonicwall SMA100 Repair measures for path traversal vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173996", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "CNNVD", id: "CNNVD-202112-555", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, { 
problemtype: "Path traversal (CWE-22) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "NVD", id: "CVE-2021-20040", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20040", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "NVD", id: "CVE-2021-20040", }, { db: "CNNVD", id: "CNNVD-202112-555", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, { db: "NVD", id: "CVE-2021-20040", }, { db: "CNNVD", id: "CNNVD-202112-555", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016107", }, { date: "2021-12-08T10:15:07.953000", db: "NVD", id: "CVE-2021-20040", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-555", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T08:50:00", db: "JVNDB", id: "JVNDB-2021-016107", }, { date: "2021-12-10T22:11:11.603000", db: "NVD", id: "CVE-2021-20040", }, { date: "2021-12-15T00:00:00", db: "CNNVD", id: "CNNVD-202112-555", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: 
"CNNVD", id: "CNNVD-202112-555", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural SonicWALL Path Traversal Vulnerability in Appliances", sources: [ { db: "JVNDB", id: "JVNDB-2021-016107", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-202112-555", }, ], trust: 0.6, }, }
var-202112-0389
Vulnerability from variot
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' HTTP POST method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0389", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: 
"sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma 400", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 210", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 200", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 410", scope: "eq", trust: 1, vendor: "sonicwall", version: "9.0.0.11-31sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.1.1-19sv", }, { model: "sma 500v", scope: "eq", trust: 1, vendor: "sonicwall", version: "10.2.0.8-37sv", }, { model: "sma200", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma410", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma400", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma500v", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, { model: "sma210", scope: null, trust: 0.8, vendor: "sonicwall", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "NVD", id: "CVE-2021-20039", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:sonicwall:sma_200_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, 
{ cpe23Uri: "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-20039", }, ], }, cve: "CVE-2021-20039", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: 
false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Complete", baseScore: 9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2021-20039", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-20039", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-20039", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-556", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "NVD", id: "CVE-2021-20039", }, { db: "CNNVD", id: "CNNVD-202112-556", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Improper 
neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).", sources: [ { db: "NVD", id: "CVE-2021-20039", }, { db: "JVNDB", id: "JVNDB-2021-016108", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-20039", trust: 3.2, }, { db: "PACKETSTORM", id: "165563", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2021-016108", trust: 0.8, }, { db: "CS-HELP", id: "SB2021120713", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-556", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "NVD", id: "CVE-2021-20039", }, { db: "CNNVD", id: "CNNVD-202112-556", }, ], }, id: "VAR-202112-0389", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.875, }, last_update_date: "2023-12-18T11:56:55.470000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SNWLID-2021-0026", trust: 0.8, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { title: "Sonicwall SMA100 Repair measures for operating system command injection vulnerability in 
operating system", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173997", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "CNNVD", id: "CNNVD-202112-556", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "NVD", id: "CVE-2021-20039", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3, url: "http://packetstormsecurity.com/files/165563/sonicwall-sma-100-series-authenticated-command-injection.html", }, { trust: 1.6, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-20039", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021120713", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "NVD", id: "CVE-2021-20039", }, { db: "CNNVD", id: "CNNVD-202112-556", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, { db: "NVD", id: "CVE-2021-20039", }, { db: "CNNVD", id: "CNNVD-202112-556", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-016108", }, { date: "2021-12-08T10:15:07.903000", db: "NVD", id: "CVE-2021-20039", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-556", }, ], }, 
sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-06T08:54:00", db: "JVNDB", id: "JVNDB-2021-016108", }, { date: "2022-04-01T15:27:07.097000", db: "NVD", id: "CVE-2021-20039", }, { date: "2022-01-14T00:00:00", db: "CNNVD", id: "CNNVD-202112-556", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-556", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OS command injection vulnerability in multiple SonicWALL appliances", sources: [ { db: "JVNDB", id: "JVNDB-2021-016108", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system command injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-556", }, ], trust: 0.6, }, }