Overview
- Description
- A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
- Source
- PSIRT@sonicwall.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name
- SonicWall SSLVPN SMA100 SQL Injection Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Nov 17, 2021
- Required action
- Apply updates per vendor instructions.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7B164EB6-4CA0-46EF-986D-270968E87C5C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5ED4CBFD-C82D-4CA3-8A15-4A461A432A81",
"versionEndExcluding": "10.2.0.5-d-29sv",
"versionStartIncluding": "10.0.0.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B74D223-A74B-42EE-A005-C07CC2A1F92C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69495233-D283-414C-A32C-9FBAF726CF1E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E791012D-4096-4978-950A-5B482F714A47"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "852AF172-A8E4-463B-8503-F31DD0E62BC7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75DB297F-6686-46CD-83D4-608013568D81"
}
],
"operator": "OR"
}
]
}
]