cvelistv5 - CVE-2021-20016

CVE-2021-20016 (GCVE-0-2021-20016)

Vulnerability from cvelistv5 – Published: 2021-02-03 20:35 – Updated: 2025-10-21 23:35

CISA

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

sonicwall

References

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SN…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	SonicWall	SonicWall SMA100	Affected: SMA100 build version 10.x

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-11-17

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-20016

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-20016",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T19:54:21.435978Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:28.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-20016 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicWall SMA100",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "SMA100 build version 10.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-03T20:35:14.000Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2021-20016",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicWall SMA100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SMA100 build version 10.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2021-20016",
    "datePublished": "2021-02-03T20:35:14.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:28.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-20016",
      "cwes": "[\"CWE-89\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-20016",
      "product": "SSLVPN SMA100",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.",
      "vendorProject": "SonicWall",
      "vulnerabilityName": "SonicWall SSLVPN SMA100 SQL Injection Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-11-17",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "SonicWall SSLVPN SMA100 SQL Injection Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0.0\", \"versionEndExcluding\": \"10.2.0.5-d-29sv\", \"matchCriteriaId\": \"5ED4CBFD-C82D-4CA3-8A15-4A461A432A81\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B164EB6-4CA0-46EF-986D-270968E87C5C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B74D223-A74B-42EE-A005-C07CC2A1F92C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B190266-AD6F-401B-9B2E-061CDD539236\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69495233-D283-414C-A32C-9FBAF726CF1E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51587338-4A5F-41FC-9497-743F061947C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E791012D-4096-4978-950A-5B482F714A47\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D728332-10C9-4508-B720-569D44E99543\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"852AF172-A8E4-463B-8503-F31DD0E62BC7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DFB8FBC-FFA4-4526-B306-D5692A43DC9E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75DB297F-6686-46CD-83D4-608013568D81\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de inyecci\\u00f3n de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contrase\\u00f1a del nombre de usuario y otra informaci\\u00f3n relacionada con la sesi\\u00f3n.\u0026#xa0;Esta vulnerabilidad afecta a la versi\\u00f3n 10.x de la compilaci\\u00f3n SMA100\"}]",
      "id": "CVE-2021-20016",
      "lastModified": "2024-11-21T05:45:47.220",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-04T06:15:13.817",
      "references": "[{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\", \"source\": \"PSIRT@sonicwall.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT@sonicwall.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"PSIRT@sonicwall.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20016\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2021-02-04T06:15:13.817\",\"lastModified\":\"2025-10-31T15:56:14.870\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contrase\u00f1a del nombre de usuario y otra informaci\u00f3n relacionada con la sesi\u00f3n.\u0026#xa0;Esta vulnerabilidad afecta a la versi\u00f3n 10.x de la compilaci\u00f3n SMA100\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"SonicWall SSLVPN SMA100 SQL Injection Vulnerability\",\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0.0\",\"versionEndExcluding\":\"10.2.0.5-d-29sv\",\"matchCriteriaId\":\"5ED4CBFD-C82D-4CA3-8A15-4A461A432A81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B164EB6-4CA0-46EF-986D-270968E87C5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B74D223-A74B-42EE-A005-C07CC2A1F92C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B190266-AD6F-401B-9B2E-061CDD539236\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69495233-D283-414C-A32C-9FBAF726CF1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51587338-4A5F-41FC-9497-743F061947C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E791012D-4096-4978-950A-5B482F714A47\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D728332-10C9-4508-B720-569D44E99543\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"852AF172-A8E4-463B-8503-F31DD0E62BC7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DFB8FBC-FFA4-4526-B306-D5692A43DC9E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75DB297F-6686-46CD-83D4-608013568D81\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T17:30:07.417Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-20016\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T19:54:21.435978Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00+00:00\", \"value\": \"CVE-2021-20016 added to CISA KEV\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T19:53:56.705Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"SonicWall\", \"product\": \"SonicWall SMA100\", \"versions\": [{\"status\": \"affected\", \"version\": \"SMA100 build version 10.x\"}]}], \"references\": [{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"44b2ff79-1416-4492-88bb-ed0da00c7315\", \"shortName\": \"sonicwall\", \"dateUpdated\": \"2021-02-03T20:35:14.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"SMA100 build version 10.x\"}]}, \"product_name\": \"SonicWall SMA100\"}]}, \"vendor_name\": \"SonicWall\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\", \"name\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-20016\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"PSIRT@sonicwall.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-20016\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T19:54:12.691Z\", \"dateReserved\": \"2020-12-17T00:00:00.000Z\", \"assignerOrgId\": \"44b2ff79-1416-4492-88bb-ed0da00c7315\", \"datePublished\": \"2021-02-03T20:35:14.000Z\", \"assignerShortName\": \"sonicwall\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2021-20016

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-20016

Aliases

CVE-2021-20016

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20016",
    "description": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.",
    "id": "GSD-2021-20016"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20016"
      ],
      "details": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.",
      "id": "GSD-2021-20016",
      "modified": "2023-12-13T01:23:11.867613Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-20016",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "product": "SonicWall SSLVPN SMA100",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information in SMA100 build version 10.x.",
      "vendorProject": "SonicWall",
      "vulnerabilityName": "SonicWall SSL VPN SMA100 SQL Injection Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@sonicwall.com",
        "ID": "CVE-2021-20016",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SonicWall SMA100",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SMA100 build version 10.x"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SonicWall"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.0.5-d-29sv",
                    "versionStartIncluding": "10.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2021-20016"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-02-08T14:40Z",
      "publishedDate": "2021-02-04T06:15Z"
    }
  }
}

VAR-202102-0898

Vulnerability from variot - Updated: 2023-12-18 12:55

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0898",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sma 100",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.0.0.0"
      },
      {
        "model": "sma 410",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma 400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma 210",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma 500v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma 100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.2.0.5-d-29sv"
      },
      {
        "model": "sma 200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma500v",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma210",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma200",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma410",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma100",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sma400",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.0.5-d-29sv",
                    "versionStartIncluding": "10.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      }
    ]
  },
  "cve": "CVE-2021-20016",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-20016",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-377635",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-20016",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-20016",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-394",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-377635",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-20016",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20016"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-20016",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-377635",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20016",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "id": "VAR-202102-0898",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      }
    ],
    "trust": 0.882169116
  },
  "last_update_date": "2023-12-18T12:55:42.671000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SNWLID-2021-0001",
        "trust": 0.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001"
      },
      {
        "title": "Sonicwall SMA100 SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141126"
      },
      {
        "title": "Fireeye Threat Research",
        "trust": 0.1,
        "url": "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
      },
      {
        "title": "Fireeye Threat Research",
        "trust": 0.1,
        "url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20016"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/89.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "date": "2021-02-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "date": "2021-10-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "date": "2021-02-04T06:15:13.817000",
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "date": "2021-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-377635"
      },
      {
        "date": "2021-02-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-20016"
      },
      {
        "date": "2021-10-19T07:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      },
      {
        "date": "2021-02-08T14:40:46.170000",
        "db": "NVD",
        "id": "CVE-2021-20016"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicWall\u00a0SSLVPN\u00a0SMA100\u00a0 In the product \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003143"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-394"
      }
    ],
    "trust": 0.6
  }
}

GHSA-C283-6775-92M9

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2025-10-22 00:32

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-04T06:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.",
  "id": "GHSA-c283-6775-92m9",
  "modified": "2025-10-22T00:32:02Z",
  "published": "2022-05-24T17:41:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20016"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-20016

Vulnerability from fkie_nvd - Published: 2021-02-04 06:15 - Updated: 2025-10-31 15:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001	Mitigation, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016	US Government Resource

Impacted products

Vendor	Product	Version
sonicwall	sma_100_firmware	*
sonicwall	sma_100	-
sonicwall	sma_200_firmware	-
sonicwall	sma_200	-
sonicwall	sma_210_firmware	-
sonicwall	sma_210	-
sonicwall	sma_400_firmware	-
sonicwall	sma_400	-
sonicwall	sma_410_firmware	-
sonicwall	sma_410	-
sonicwall	sma_500v	-

JSON

To clipboard

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "SonicWall SSLVPN SMA100 SQL Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED4CBFD-C82D-4CA3-8A15-4A461A432A81",
              "versionEndExcluding": "10.2.0.5-d-29sv",
              "versionStartIncluding": "10.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B164EB6-4CA0-46EF-986D-270968E87C5C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B74D223-A74B-42EE-A005-C07CC2A1F92C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69495233-D283-414C-A32C-9FBAF726CF1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E791012D-4096-4978-950A-5B482F714A47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AF172-A8E4-463B-8503-F31DD0E62BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DB297F-6686-46CD-83D4-608013568D81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contrase\u00f1a del nombre de usuario y otra informaci\u00f3n relacionada con la sesi\u00f3n.\u0026#xa0;Esta vulnerabilidad afecta a la versi\u00f3n 10.x de la compilaci\u00f3n SMA100"
    }
  ],
  "id": "CVE-2021-20016",
  "lastModified": "2025-10-31T15:56:14.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-02-04T06:15:13.817",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-083

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans SonicWall SMA100. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	Secure Mobile Access	SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x antérieures à 10.2.0.5-d-29sv
	Sonicwall	Secure Mobile Access	SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x antérieures à 10.2.0.5-d-29sv

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2021-0001 du 23 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x ant\u00e9rieures \u00e0 10.2.0.5-d-29sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x ant\u00e9rieures \u00e0 10.2.0.5-d-29sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20016"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-083",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SonicWall SMA100. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SonicWall SMA100",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0001 du 23 janvier 2021",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    }
  ]
}

CERTFR-2021-AVI-083

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans SonicWall SMA100. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	Secure Mobile Access	SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x antérieures à 10.2.0.5-d-29sv
	Sonicwall	Secure Mobile Access	SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x antérieures à 10.2.0.5-d-29sv

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2021-0001 du 23 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x ant\u00e9rieures \u00e0 10.2.0.5-d-29sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x ant\u00e9rieures \u00e0 10.2.0.5-d-29sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20016"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-083",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SonicWall SMA100. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SonicWall SMA100",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0001 du 23 janvier 2021",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    }
  ]
}

CERTFR-2021-ALE-001

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 30 avril 2021]

Le 29 avril 2021, dans un billet de blogue (cf. section Documentation), FireEye fait état de l'exploitation de la vulnérabilité CVE-2021-20016 par un groupe criminel dans le but de déployer plusieurs rançongiciels à l'encontre de différentes entités en Europe et en Amérique du Nord.

[Mise à jour du 22 février 2021]

Le 19 février 2021, SonicWall a publié un nouveau correctif pour les versions 10.x, mais aussi pour les versions 9.x non concernées par la vulnérabilité CVE-2021-20016 (cf. section Documentation).

Dans son communiqué, SonicWall indique que ce correctif contient, sans les préciser, des mesures de durcissement du code et invite ses clients à l'installer immédiatement.

[Mise à jour du 04 février 2021]

Le 03 février 2021, SonicWall a publié un correctif pour la vulnérabilité qui porte désormais l'identifiant CVE-2021-20016. Cette vulnérabilité permet à un attaquant non authentifié d'obtenir les informations de connexions, y compris celles des comptes administrateurs. L'attaquant peut alors prendre complètement la main sur l'équipement.

Cette nouvelle précision confirme qu'il est obligatoire de changer tous les mots de passe une fois le correctif appliqué.

[Publication initiale]

Le 01 février 2021, SonicWall a confirmé l'existence d'une vulnérabilité de type 0 jour dans leurs passerelles d'accès sécurisé SMA séries 100. Celle-ci affecte uniquement les versions 10.x.

Les risques liés à cette vulnérabilité ne sont pas précisés, mais sont jugés comme critiques par SonicWall.

SonicWall annonce la sortie d'un correctif pour le 02 février 2021 en fin de journée ou pour le début de matinée du 03 février 2021 en France.

A noter: Indépendamment de cet évènement, un code d'attaque exploitant la vulnérabilité CVE-2014-6271 (nommée Shellshock) présente dans les versions antérieures à 8.0.0.4 a été publié sur internet. Il est donc impératif de s'assurer que vous ne disposez plus d'équipements dans ces versions. Toutefois, les produits SMA séries 100 versions 9.x et 10.x ne sont pas vulnérables à la CVE-2014-6271.

Contournement provisoire

En attendant la sortie du correctif, SonicWall propose plusieurs mesures de contournement:

Changer tous les mots de passe et activer l'authentification multi-facteurs ;
Bloquer l'accès à l’équipement par un pare-feu ;
Éteindre l'équipement ;
Installer une version 9.x après avoir effectué une sauvegarde de ses réglages puis une réinitialisation aux paramètres d'usine.

Le CERT-FR précise que le simple fait de changer un mot de passe n'a pas d'utilité particulière dans le cas où un attaquant peut toujours exploiter une vulnérabilité et éventuellement contourner les mécanismes d'authentification.

Le renouvellement des mots de passe est toutefois conseillé, une fois les correctifs appliqués ou à défaut une fois les autres mesures de contournement mises en œuvre.

L'authentification multi-facteurs fait partie des bonnes pratiques et est toujours conseillée lorsque celle-ci est disponible.

Solution

Le CERT-FR recommande l'application du correctif de sécurité dans les plus brefs délais, la modification de tous les mots de passe ainsi que l'activation de l'authentification multi-facteurs.

Pour plus de renseignements, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Sonicwall	Secure Mobile Access	SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x antérieures à 10.2.0.6-32sv
Sonicwall	Secure Mobile Access	SMA 200, SMA 210, SMA 400 et SMA 410 versions 9.x antérieures à 9.0.0.10-28sv
Sonicwall	Secure Mobile Access	SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x antérieures à 10.2.0.6-32sv
Sonicwall	Secure Mobile Access	SMA 500v (Azure, AWS, ESXi, HyperV) versions 9.x antérieures à 9.0.0.10-28sv

References

Title

Publication Time

Tags

Communiqué SonicWall	2021-02-01	vendor-advisory
Bulletin de sécurité SonicWall SNWLID-2021-0001	2021-01-23	vendor-advisory
Avis du CERT-FR CERTFR-2021-AVI-083 du 04 février 2021	-	other
Communiqué SonicWall du 19 février 2021	-	other
Billet de blogue FireEye du 29 avril 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x ant\u00e9rieures \u00e0 10.2.0.6-32sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 200, SMA 210, SMA 400 et SMA 410 versions 9.x ant\u00e9rieures \u00e0 9.0.0.10-28sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x ant\u00e9rieures \u00e0 10.2.0.6-32sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 500v (Azure, AWS, ESXi, HyperV) versions 9.x ant\u00e9rieures \u00e0 9.0.0.10-28sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2021-05-12",
  "content": "## Contournement provisoire\n\n\nEn attendant la sortie du correctif, SonicWall propose plusieurs mesures\nde contournement:\n\n1.  Changer tous les mots de passe et activer l\u0027authentification\n    multi-facteurs ;\n2.  Bloquer l\u0027acc\u00e8s \u00e0 l\u2019\u00e9quipement par un pare-feu ;\n3.  \u00c9teindre l\u0027\u00e9quipement ;\n4.  Installer une version 9.x apr\u00e8s avoir effectu\u00e9 une sauvegarde de ses\n    r\u00e9glages puis une r\u00e9initialisation aux param\u00e8tres d\u0027usine.\n\nLe CERT-FR pr\u00e9cise que le simple fait de changer un mot de passe n\u0027a pas\nd\u0027utilit\u00e9 particuli\u00e8re dans le cas o\u00f9 un attaquant peut toujours\nexploiter une vuln\u00e9rabilit\u00e9 et \u00e9ventuellement contourner les m\u00e9canismes\nd\u0027authentification.\n\nLe renouvellement des mots de passe est toutefois conseill\u00e9, une fois\nles correctifs appliqu\u00e9s ou \u00e0 d\u00e9faut une fois les autres mesures de\ncontournement mises en \u0153uvre.\n\nL\u0027authentification multi-facteurs fait partie des bonnes pratiques et\nest toujours conseill\u00e9e lorsque celle-ci est disponible.\n\n## Solution\n\nLe CERT-FR recommande l\u0027application du correctif de s\u00e9curit\u00e9 dans les\nplus brefs d\u00e9lais, la modification de tous les mots de passe ainsi que\nl\u0027activation de l\u0027authentification multi-facteurs.\n\nPour plus de renseignements, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de\nl\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20016"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    }
  ],
  "links": [
    {
      "title": "Avis du CERT-FR CERTFR-2021-AVI-083 du 04 f\u00e9vrier 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-083/"
    },
    {
      "title": "Communiqu\u00e9 SonicWall du 19 f\u00e9vrier 2021",
      "url": "https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/"
    },
    {
      "title": "Billet de blogue FireEye du 29 avril 2021",
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
    }
  ],
  "reference": "CERTFR-2021-ALE-001",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-02T00:00:00.000000"
    },
    {
      "description": "Disponibilit\u00e9 du correctif, ajout de l\u0027identifiant CVE, obligation de changer les mots de passe.",
      "revision_date": "2021-02-04T00:00:00.000000"
    },
    {
      "description": "Ajout du communiqu\u00e9 SonicWall du 19 f\u00e9vrier 2021.",
      "revision_date": "2021-02-22T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-03-11T00:00:00.000000"
    },
    {
      "description": "Ajout du billet de blogue FireEye du 29 avril 2021.",
      "revision_date": "2021-04-30T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-05-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 30 avril 2021\\]\u003c/strong\u003e\n\nLe 29 avril 2021, dans un billet de blogue (cf. section Documentation),\nFireEye fait \u00e9tat de l\u0027exploitation de la vuln\u00e9rabilit\u00e9\u00a0CVE-2021-20016\npar un groupe criminel dans le but de d\u00e9ployer plusieurs ran\u00e7ongiciels \u00e0\nl\u0027encontre de diff\u00e9rentes entit\u00e9s en Europe et en Am\u00e9rique du Nord.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 22 f\u00e9vrier 2021\\]\u003c/strong\u003e\n\nLe 19 f\u00e9vrier 2021, SonicWall a publi\u00e9 un nouveau correctif pour les\nversions 10.x, mais aussi pour les versions 9.x non concern\u00e9es par la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-20016 (cf. section Documentation).\n\nDans son communiqu\u00e9, SonicWall indique que ce correctif contient, sans\nles pr\u00e9ciser, des mesures de durcissement du code et invite ses clients\n\u00e0 l\u0027installer imm\u00e9diatement.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 04 f\u00e9vrier 2021\\]\u003c/strong\u003e\n\nLe 03 f\u00e9vrier 2021, SonicWall a publi\u00e9 un correctif pour la\nvuln\u00e9rabilit\u00e9 qui porte d\u00e9sormais l\u0027identifiant\u00a0CVE-2021-20016. Cette\nvuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 d\u0027obtenir les\ninformations de connexions, y compris celles des comptes\nadministrateurs. L\u0027attaquant peut alors prendre compl\u00e8tement la main sur\nl\u0027\u00e9quipement.\n\nCette nouvelle pr\u00e9cision\u00a0confirme qu\u0027il est obligatoire de changer tous\nles mots de passe une fois le correctif appliqu\u00e9.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 01 f\u00e9vrier 2021, SonicWall a confirm\u00e9 l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\nde type 0 jour dans leurs passerelles d\u0027acc\u00e8s s\u00e9curis\u00e9 SMA s\u00e9ries 100.\nCelle-ci affecte uniquement les versions 10.x.\n\nLes risques li\u00e9s \u00e0 cette vuln\u00e9rabilit\u00e9 ne sont pas pr\u00e9cis\u00e9s, mais sont\njug\u00e9s comme critiques par SonicWall.\n\nSonicWall annonce la sortie d\u0027un correctif pour le 02 f\u00e9vrier 2021 en\nfin de journ\u00e9e ou pour le d\u00e9but de matin\u00e9e du 03 f\u00e9vrier 2021 en France.\n\nA noter: Ind\u00e9pendamment de cet \u00e9v\u00e8nement, un code d\u0027attaque exploitant\nla vuln\u00e9rabilit\u00e9 CVE-2014-6271 (nomm\u00e9e *Shellshock*) pr\u00e9sente dans les\nversions ant\u00e9rieures \u00e0 8.0.0.4 a \u00e9t\u00e9 publi\u00e9 sur internet. Il est donc\nimp\u00e9ratif de s\u0027assurer que vous ne disposez plus d\u0027\u00e9quipements dans ces\nversions. Toutefois, les produits SMA s\u00e9ries 100 versions 9.x et 10.x ne\nsont pas vuln\u00e9rables \u00e0 la CVE-2014-6271.\n",
  "title": "|M\u00e0J] Vuln\u00e9rabilit\u00e9 dans SonicWall SMA100",
  "vendor_advisories": [
    {
      "published_at": "2021-02-01",
      "title": "Communiqu\u00e9 SonicWall",
      "url": "https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/"
    },
    {
      "published_at": "2021-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0001",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    }
  ]
}

CERTFR-2021-ALE-001

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 30 avril 2021]

[Mise à jour du 22 février 2021]

Dans son communiqué, SonicWall indique que ce correctif contient, sans les préciser, des mesures de durcissement du code et invite ses clients à l'installer immédiatement.

[Mise à jour du 04 février 2021]

Cette nouvelle précision confirme qu'il est obligatoire de changer tous les mots de passe une fois le correctif appliqué.

[Publication initiale]

Le 01 février 2021, SonicWall a confirmé l'existence d'une vulnérabilité de type 0 jour dans leurs passerelles d'accès sécurisé SMA séries 100. Celle-ci affecte uniquement les versions 10.x.

Les risques liés à cette vulnérabilité ne sont pas précisés, mais sont jugés comme critiques par SonicWall.

SonicWall annonce la sortie d'un correctif pour le 02 février 2021 en fin de journée ou pour le début de matinée du 03 février 2021 en France.

Contournement provisoire

En attendant la sortie du correctif, SonicWall propose plusieurs mesures de contournement:

Changer tous les mots de passe et activer l'authentification multi-facteurs ;
Bloquer l'accès à l’équipement par un pare-feu ;
Éteindre l'équipement ;
Installer une version 9.x après avoir effectué une sauvegarde de ses réglages puis une réinitialisation aux paramètres d'usine.

Le renouvellement des mots de passe est toutefois conseillé, une fois les correctifs appliqués ou à défaut une fois les autres mesures de contournement mises en œuvre.

L'authentification multi-facteurs fait partie des bonnes pratiques et est toujours conseillée lorsque celle-ci est disponible.

Solution

Le CERT-FR recommande l'application du correctif de sécurité dans les plus brefs délais, la modification de tous les mots de passe ainsi que l'activation de l'authentification multi-facteurs.

Pour plus de renseignements, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Sonicwall	Secure Mobile Access	SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x antérieures à 10.2.0.6-32sv
Sonicwall	Secure Mobile Access	SMA 200, SMA 210, SMA 400 et SMA 410 versions 9.x antérieures à 9.0.0.10-28sv
Sonicwall	Secure Mobile Access	SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x antérieures à 10.2.0.6-32sv
Sonicwall	Secure Mobile Access	SMA 500v (Azure, AWS, ESXi, HyperV) versions 9.x antérieures à 9.0.0.10-28sv

References

Title

Publication Time

Tags

Communiqué SonicWall	2021-02-01	vendor-advisory
Bulletin de sécurité SonicWall SNWLID-2021-0001	2021-01-23	vendor-advisory
Avis du CERT-FR CERTFR-2021-AVI-083 du 04 février 2021	-	other
Communiqué SonicWall du 19 février 2021	-	other
Billet de blogue FireEye du 29 avril 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SMA 200, SMA 210, SMA 400 et SMA 410 versions 10.x ant\u00e9rieures \u00e0 10.2.0.6-32sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 200, SMA 210, SMA 400 et SMA 410 versions 9.x ant\u00e9rieures \u00e0 9.0.0.10-28sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 500v (Azure, AWS, ESXi, HyperV) versions 10.x ant\u00e9rieures \u00e0 10.2.0.6-32sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SMA 500v (Azure, AWS, ESXi, HyperV) versions 9.x ant\u00e9rieures \u00e0 9.0.0.10-28sv",
      "product": {
        "name": "Secure Mobile Access",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2021-05-12",
  "content": "## Contournement provisoire\n\n\nEn attendant la sortie du correctif, SonicWall propose plusieurs mesures\nde contournement:\n\n1.  Changer tous les mots de passe et activer l\u0027authentification\n    multi-facteurs ;\n2.  Bloquer l\u0027acc\u00e8s \u00e0 l\u2019\u00e9quipement par un pare-feu ;\n3.  \u00c9teindre l\u0027\u00e9quipement ;\n4.  Installer une version 9.x apr\u00e8s avoir effectu\u00e9 une sauvegarde de ses\n    r\u00e9glages puis une r\u00e9initialisation aux param\u00e8tres d\u0027usine.\n\nLe CERT-FR pr\u00e9cise que le simple fait de changer un mot de passe n\u0027a pas\nd\u0027utilit\u00e9 particuli\u00e8re dans le cas o\u00f9 un attaquant peut toujours\nexploiter une vuln\u00e9rabilit\u00e9 et \u00e9ventuellement contourner les m\u00e9canismes\nd\u0027authentification.\n\nLe renouvellement des mots de passe est toutefois conseill\u00e9, une fois\nles correctifs appliqu\u00e9s ou \u00e0 d\u00e9faut une fois les autres mesures de\ncontournement mises en \u0153uvre.\n\nL\u0027authentification multi-facteurs fait partie des bonnes pratiques et\nest toujours conseill\u00e9e lorsque celle-ci est disponible.\n\n## Solution\n\nLe CERT-FR recommande l\u0027application du correctif de s\u00e9curit\u00e9 dans les\nplus brefs d\u00e9lais, la modification de tous les mots de passe ainsi que\nl\u0027activation de l\u0027authentification multi-facteurs.\n\nPour plus de renseignements, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de\nl\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20016"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    }
  ],
  "links": [
    {
      "title": "Avis du CERT-FR CERTFR-2021-AVI-083 du 04 f\u00e9vrier 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-083/"
    },
    {
      "title": "Communiqu\u00e9 SonicWall du 19 f\u00e9vrier 2021",
      "url": "https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/"
    },
    {
      "title": "Billet de blogue FireEye du 29 avril 2021",
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
    }
  ],
  "reference": "CERTFR-2021-ALE-001",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-02T00:00:00.000000"
    },
    {
      "description": "Disponibilit\u00e9 du correctif, ajout de l\u0027identifiant CVE, obligation de changer les mots de passe.",
      "revision_date": "2021-02-04T00:00:00.000000"
    },
    {
      "description": "Ajout du communiqu\u00e9 SonicWall du 19 f\u00e9vrier 2021.",
      "revision_date": "2021-02-22T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-03-11T00:00:00.000000"
    },
    {
      "description": "Ajout du billet de blogue FireEye du 29 avril 2021.",
      "revision_date": "2021-04-30T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-05-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 30 avril 2021\\]\u003c/strong\u003e\n\nLe 29 avril 2021, dans un billet de blogue (cf. section Documentation),\nFireEye fait \u00e9tat de l\u0027exploitation de la vuln\u00e9rabilit\u00e9\u00a0CVE-2021-20016\npar un groupe criminel dans le but de d\u00e9ployer plusieurs ran\u00e7ongiciels \u00e0\nl\u0027encontre de diff\u00e9rentes entit\u00e9s en Europe et en Am\u00e9rique du Nord.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 22 f\u00e9vrier 2021\\]\u003c/strong\u003e\n\nLe 19 f\u00e9vrier 2021, SonicWall a publi\u00e9 un nouveau correctif pour les\nversions 10.x, mais aussi pour les versions 9.x non concern\u00e9es par la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-20016 (cf. section Documentation).\n\nDans son communiqu\u00e9, SonicWall indique que ce correctif contient, sans\nles pr\u00e9ciser, des mesures de durcissement du code et invite ses clients\n\u00e0 l\u0027installer imm\u00e9diatement.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 04 f\u00e9vrier 2021\\]\u003c/strong\u003e\n\nLe 03 f\u00e9vrier 2021, SonicWall a publi\u00e9 un correctif pour la\nvuln\u00e9rabilit\u00e9 qui porte d\u00e9sormais l\u0027identifiant\u00a0CVE-2021-20016. Cette\nvuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 d\u0027obtenir les\ninformations de connexions, y compris celles des comptes\nadministrateurs. L\u0027attaquant peut alors prendre compl\u00e8tement la main sur\nl\u0027\u00e9quipement.\n\nCette nouvelle pr\u00e9cision\u00a0confirme qu\u0027il est obligatoire de changer tous\nles mots de passe une fois le correctif appliqu\u00e9.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 01 f\u00e9vrier 2021, SonicWall a confirm\u00e9 l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\nde type 0 jour dans leurs passerelles d\u0027acc\u00e8s s\u00e9curis\u00e9 SMA s\u00e9ries 100.\nCelle-ci affecte uniquement les versions 10.x.\n\nLes risques li\u00e9s \u00e0 cette vuln\u00e9rabilit\u00e9 ne sont pas pr\u00e9cis\u00e9s, mais sont\njug\u00e9s comme critiques par SonicWall.\n\nSonicWall annonce la sortie d\u0027un correctif pour le 02 f\u00e9vrier 2021 en\nfin de journ\u00e9e ou pour le d\u00e9but de matin\u00e9e du 03 f\u00e9vrier 2021 en France.\n\nA noter: Ind\u00e9pendamment de cet \u00e9v\u00e8nement, un code d\u0027attaque exploitant\nla vuln\u00e9rabilit\u00e9 CVE-2014-6271 (nomm\u00e9e *Shellshock*) pr\u00e9sente dans les\nversions ant\u00e9rieures \u00e0 8.0.0.4 a \u00e9t\u00e9 publi\u00e9 sur internet. Il est donc\nimp\u00e9ratif de s\u0027assurer que vous ne disposez plus d\u0027\u00e9quipements dans ces\nversions. Toutefois, les produits SMA s\u00e9ries 100 versions 9.x et 10.x ne\nsont pas vuln\u00e9rables \u00e0 la CVE-2014-6271.\n",
  "title": "|M\u00e0J] Vuln\u00e9rabilit\u00e9 dans SonicWall SMA100",
  "vendor_advisories": [
    {
      "published_at": "2021-02-01",
      "title": "Communiqu\u00e9 SonicWall",
      "url": "https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/"
    },
    {
      "published_at": "2021-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0001",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20016 (GCVE-0-2021-20016)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Solution

Solution

Contournement provisoire

Solution

Contournement provisoire

Solution

Tags

Sightings

Nomenclature