CVE-2021-20039

Published Dec 8, 2021

Last updated 3 years ago

CVSS high 8.8

Overview

Description: Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Source: PSIRT@sonicwall.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78
PSIRT@sonicwall.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9E19F4-7FF4-426C-8B08-BCC802F653E0"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33233A45-6667-4CE9-A21C-6A6C725689F8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C14BCE5E-887B-41D4-9845-34E3A7CCDE58"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4F1C135-A182-4233-B7FC-D08C754ECE13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9464A061-4218-472A-B981-8E6A653C5D53"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EC74D70-C04B-481F-A706-6C86751996FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C842AFF6-C556-4187-957B-548E5649D949"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEB82F42-A5DF-42CC-86F9-B06B39BBC202"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E00827E-3007-4EA4-B22A-3BDFC246EA65"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC429F62-366B-4B68-B378-FB741F9F7FEF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References