Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSonicwallCVE-2021-20034
HistorySep 27, 2021 - 6:15 p.m.

CVE-2021-20034

2021-09-2718:15:08
CWE-284
CWE-22
sonicwall
web.nvd.nist.gov
93
2
access control
vulnerability
sma100
remote attacker
path traversal
file deletion
factory default
reboot
nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.641

Percentile

97.9%

JSON

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

Affected configurations

Nvd
Node
sonicwallsma_200_firmwareRange≀9.0.0.10-28sv
OR
sonicwallsma_200_firmwareRange10.2.0.0–10.2.0.7-34sv
OR
sonicwallsma_200_firmwareRange10.2.1.0–10.2.1.0-17sv
AND
sonicwallsma_200Match-
Node
sonicwallsma_210_firmwareRange≀9.0.0.10-28sv
OR
sonicwallsma_210_firmwareRange10.2.0.0–10.2.0.7-34sv
OR
sonicwallsma_210_firmwareRange10.2.1.0–10.2.1.0-17sv
AND
sonicwallsma_210Match-
Node
sonicwallsma_400_firmwareRange≀9.0.0.10-28sv
OR
sonicwallsma_400_firmwareRange10.2.0.0–10.2.0.7-34sv
OR
sonicwallsma_400_firmwareRange10.2.1.0–10.2.1.0-17sv
AND
sonicwallsma_400Match-
Node
sonicwallsma_410_firmwareRange≀9.0.0.10-28sv
OR
sonicwallsma_410_firmwareRange10.2.0.0–10.2.0.7-34sv
OR
sonicwallsma_410_firmwareRange10.2.1.0–10.2.1.0-17sv
AND
sonicwallsma_410Match-
Node
sonicwallsma_500vRange≀9.0.0.10-28sv
OR
sonicwallsma_500vRange10.2.0.0–10.2.0.7-34sv
OR
sonicwallsma_500vRange10.2.1.0–10.2.1.0-17sv
VendorProductVersionCPE
sonicwallsma_200_firmware*cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*
sonicwallsma_200-cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*
sonicwallsma_210_firmware*cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
sonicwallsma_210-cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*
sonicwallsma_400_firmware*cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*
sonicwallsma_400-cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*
sonicwallsma_410_firmware*cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
sonicwallsma_410-cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*
sonicwallsma_500v*cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.10-28sv and earlier"
      },
      {
        "status": "affected",
        "version": "10.2.0.7-34sv and earlier"
      },
      {
        "status": "affected",
        "version": "10.2.1.0-17sv and earlier"
      }
    ]
  }
]

Social References

More

Related

nessus 1
nvd 1
malwarebytes 1
prion 1
thn 1
attackerkb 1
packetstorm 1
zdt 1
cvelist 1
exploitdb 1
nessus
nessus
SonicWall Secure Mobile Access Arbitrary File Delete (SNWLID-2021-0021)
2021-10-01 00:00:00
nvd
nvd
CVE-2021-20034
2021-09-27 18:15:08
malwarebytes
malwarebytes
SonicWall warns users to patch critical vulnerability β€œas soon as possible”
2021-09-24 11:09:10
prion
prion
Path traversal
2021-09-27 18:15:00
thn
thn
SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
2021-09-25 05:39:00
attackerkb
attackerkb
CVE-2021-20034
2021-09-27 00:00:00
packetstorm
packetstorm
SonicWall SMA 10.2.1.0-17sv Password Reset
2021-10-20 00:00:00
zdt
zdt
SonicWall SMA 10.2.1.0-17sv - Password Reset Vulnerability
2021-10-20 00:00:00
cvelist
cvelist
CVE-2021-20034
2021-09-27 17:20:10
exploitdb
exploitdb
SonicWall SMA 10.2.1.0-17sv - Password Reset
2021-10-20 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.641

Percentile

97.9%

JSON
Related for CVE-2021-20034
nessus1nvd1malwarebytes1prion1thn1attackerkb1packetstorm1zdt1cvelist1exploitdb1