CVE-2021-20045

Published Dec 8, 2021

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Source: PSIRT@sonicwall.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-120
PSIRT@sonicwall.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33233A45-6667-4CE9-A21C-6A6C725689F8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4F1C135-A182-4233-B7FC-D08C754ECE13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EC74D70-C04B-481F-A706-6C86751996FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEB82F42-A5DF-42CC-86F9-B06B39BBC202"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8"
          },
          {
            "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC429F62-366B-4B68-B378-FB741F9F7FEF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References