Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-20031
HistoryOct 12, 2021 - 11:15 p.m.

CVE-2021-20031

2021-10-1223:15:07
CWE-601
[email protected]
web.nvd.nist.gov
60
cve-2021-20031
host header redirection
sonicos
firewall management
remote attacker
nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

Affected configurations

NVD
Node
sonicwallnsa_2650Match-
OR
sonicwallnsa_2700Match-
OR
sonicwallnsa_3650Match-
OR
sonicwallnsa_3700Match-
OR
sonicwallnsa_4650Match-
OR
sonicwallnsa_4700Match-
OR
sonicwallnsa_5650Match-
OR
sonicwallnsa_6650Match-
OR
sonicwallnsa_6700Match-
OR
sonicwallnsa_9250Match-
OR
sonicwallnsa_9450Match-
OR
sonicwallnsa_9650Match-
OR
sonicwalltz270Match-
OR
sonicwalltz270wMatch-
OR
sonicwalltz300Match-
OR
sonicwalltz300pMatch-
OR
sonicwalltz300wMatch-
OR
sonicwalltz350Match-
OR
sonicwalltz350wMatch-
OR
sonicwalltz370Match-
OR
sonicwalltz370wMatch-
OR
sonicwalltz400Match-
OR
sonicwalltz400wMatch-
OR
sonicwalltz470Match-
OR
sonicwalltz470wMatch-
OR
sonicwalltz500Match-
OR
sonicwalltz500wMatch-
OR
sonicwalltz570Match-
OR
sonicwalltz570pMatch-
OR
sonicwalltz570wMatch-
OR
sonicwalltz600Match-
OR
sonicwalltz600pMatch-
OR
sonicwalltz670Match-
AND
sonicwallsonicosRange7.0.1-r1262
Node
sonicwallnsv_10Match-
OR
sonicwallnsv_100Match-
OR
sonicwallnsv_1600Match-
OR
sonicwallnsv_200Match-
OR
sonicwallnsv_25Match-
OR
sonicwallnsv_270Match-
OR
sonicwallnsv_300Match-
OR
sonicwallnsv_400Match-
OR
sonicwallnsv_470Match-
OR
sonicwallnsv_50Match-
OR
sonicwallnsv_800Match-
OR
sonicwallnsv_870Match-
AND
sonicwallsonicosRange7.0.1-r1283
Node
sonicwallnssp_12400Match-
OR
sonicwallnssp_12800Match-
OR
sonicwallnssp_13700Match-
OR
sonicwallnssp_15700Match-
AND
sonicwallsonicosRange7.0.1-r579
Node
sonicwallnsa_2650Match-
OR
sonicwallnsa_2700Match-
OR
sonicwallnsa_3650Match-
OR
sonicwallnsa_3700Match-
OR
sonicwallnsa_4650Match-
OR
sonicwallnsa_4700Match-
OR
sonicwallnsa_5650Match-
OR
sonicwallnsa_6650Match-
OR
sonicwallnsa_6700Match-
OR
sonicwallnsa_9250Match-
OR
sonicwallnsa_9450Match-
OR
sonicwallnsa_9650Match-
OR
sonicwallsoho_250wMatch-
OR
sonicwallsupermassive_9200Match-
OR
sonicwallsupermassive_9400Match-
OR
sonicwallsupermassive_9600Match-
OR
sonicwallsupermassive_9800Match-
OR
sonicwalltz270Match-
OR
sonicwalltz270wMatch-
OR
sonicwalltz300Match-
OR
sonicwalltz300pMatch-
OR
sonicwalltz300wMatch-
OR
sonicwalltz350Match-
OR
sonicwalltz350wMatch-
OR
sonicwalltz370Match-
OR
sonicwalltz370wMatch-
OR
sonicwalltz400Match-
OR
sonicwalltz400wMatch-
OR
sonicwalltz470Match-
OR
sonicwalltz470wMatch-
OR
sonicwalltz500Match-
OR
sonicwalltz500wMatch-
OR
sonicwalltz570Match-
OR
sonicwalltz570pMatch-
OR
sonicwalltz570wMatch-
OR
sonicwalltz600Match-
OR
sonicwalltz600pMatch-
OR
sonicwalltz670Match-
AND
sonicwallsonicosRange6.5.4.7
Node
sonicwallnssp_12400Match-
OR
sonicwallnssp_12800Match-
OR
sonicwallsupermassive_9800Match-
AND
sonicwallsonicosRange6.5.1.12
Node
sonicwallsupermassive_e10200Match-
OR
sonicwallsupermassive_e10400Match-
OR
sonicwallsupermassive_e10800Match-
AND
sonicwallsonicosRange6.0.5.3-94o
Node
sonicwallnsa_2650Match-
OR
sonicwallnsa_2700Match-
OR
sonicwallnsa_3650Match-
OR
sonicwallnsa_3700Match-
OR
sonicwallnsa_4650Match-
OR
sonicwallnsa_4700Match-
OR
sonicwallnsa_5650Match-
OR
sonicwallnsa_6650Match-
OR
sonicwallnsa_6700Match-
OR
sonicwallnsa_9250Match-
OR
sonicwallnsa_9450Match-
OR
sonicwallnsa_9650Match-
OR
sonicwallsoho_250Match-
OR
sonicwallsoho_250wMatch-
OR
sonicwalltz270Match-
OR
sonicwalltz270wMatch-
OR
sonicwalltz300Match-
OR
sonicwalltz300pMatch-
OR
sonicwalltz300wMatch-
OR
sonicwalltz350Match-
OR
sonicwalltz350wMatch-
OR
sonicwalltz370Match-
OR
sonicwalltz370wMatch-
OR
sonicwalltz400Match-
OR
sonicwalltz400wMatch-
OR
sonicwalltz470Match-
OR
sonicwalltz470wMatch-
OR
sonicwalltz500Match-
OR
sonicwalltz500wMatch-
AND
sonicwallsonicosRange5.9.1.13

CNA Affected

[
  {
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-R1262 and earlier"
      },
      {
        "status": "affected",
        "version": "7.0.1-R1283 and earlier"
      },
      {
        "status": "affected",
        "version": "7.0.1-R579 and earlier"
      },
      {
        "status": "affected",
        "version": "6.5.4.7 and earlier"
      },
      {
        "status": "affected",
        "version": "6.5.1.12 and earlier"
      },
      {
        "status": "affected",
        "version": "6.0.5.3-94o and earlier"
      },
      {
        "status": "affected",
        "version": "6.5.4.4-44V-21-987 and earlier"
      },
      {
        "status": "affected",
        "version": "5.9.1.13 and earlier"
      }
    ]
  }
]

Related

packetstorm 1
nuclei 1
prion 1
nvd 1
zdt 1
cvelist 1
exploitdb 1
packetstorm
packetstorm
Sonicwall SonicOS 7.0 Host Header Injection
2021-10-13 00:00:00
nuclei
nuclei
SonicWall SonicOS 7.0 - Open Redirect
2021-10-17 23:24:29
prion
prion
Design/Logic Flaw
2021-10-12 23:15:00
nvd
nvd
CVE-2021-20031
2021-10-12 23:15:07
zdt
zdt
Sonicwall SonicOS 7.0 - Host Header Injection Vulnerability
2021-10-13 00:00:00
cvelist
cvelist
CVE-2021-20031
2021-10-12 22:55:09
exploitdb
exploitdb
Sonicwall SonicOS 7.0 - Host Header Injection
2021-10-13 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON
Related for CVE-2021-20031
packetstorm1nuclei1prion1nvd1zdt1cvelist1exploitdb1