Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-20038
HistoryDec 08, 2021 - 10:15 a.m.

CVE-2021-20038

2021-12-0810:15:07
CWE-121
CWE-787
[email protected]
web.nvd.nist.gov
1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.942 High

EPSS

Percentile

99.2%

JSON

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server’s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Affected configurations

NVD
Node
sonicwallsma_200_firmwareMatch10.2.0.8-37sv
OR
sonicwallsma_200_firmwareMatch10.2.1.1-19sv
OR
sonicwallsma_200_firmwareMatch10.2.1.2-24sv
AND
sonicwallsma_200Match-
Node
sonicwallsma_210_firmwareMatch10.2.0.8-37sv
OR
sonicwallsma_210_firmwareMatch10.2.1.1-19sv
OR
sonicwallsma_210_firmwareMatch10.2.1.2-24sv
AND
sonicwallsma_210Match-
Node
sonicwallsma_410_firmwareMatch10.2.0.8-37sv
OR
sonicwallsma_410_firmwareMatch10.2.1.1-19sv
OR
sonicwallsma_410_firmwareMatch10.2.1.2-24sv
AND
sonicwallsma_410Match-
Node
sonicwallsma_400_firmwareMatch10.2.0.8-37sv
OR
sonicwallsma_400_firmwareMatch10.2.1.1-19sv
OR
sonicwallsma_400_firmwareMatch10.2.1.2-24sv
AND
sonicwallsma_400Match-
Node
sonicwallsma_500v_firmwareMatch10.2.0.8-37sv
OR
sonicwallsma_500v_firmwareMatch10.2.1.1-19sv
OR
sonicwallsma_500v_firmwareMatch10.2.1.2-24sv
AND
sonicwallsma_500vMatch-

Related

prion 1
checkpoint_advisories 1
githubexploit 5
cvelist 1
cisa_kev 1
cve 1
nuclei 1
attackerkb 1
zdt 1
metasploit 1
packetstorm 1
thn 2
ics 3
threatpost 2
rapid7blog 4
nessus 1
cisa 1
prion
prion
Stack overflow
2021-12-08 10:15:00
checkpoint_advisories
checkpoint_advisories
SonicWall SMA100 Buffer Overflow (CVE-2021-20038)
2022-02-06 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Sonicwall Sma 200 Firmware
2022-04-26 04:38:11
Exploit for Out-of-bounds Write in Sonicwall Sma 200 Firmware
2022-04-24 02:02:54
Exploit for Stack-based Buffer Overflow in Sonicwall Sma 200 Firmware
2022-08-08 03:38:06
cvelist
cvelist
CVE-2021-20038
2021-12-08 09:55:20
cisa_kev
cisa_kev
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
2022-01-28 00:00:00
cve
cve
CVE-2021-20038
2021-12-08 10:15:07
nuclei
nuclei
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
2022-01-18 05:20:14
attackerkb
attackerkb
CVE-2021-20038
2022-01-11 00:00:00
zdt
zdt
SonicWall SMA 100 Series Authenticated Command Injection Exploit
2022-01-13 00:00:00
metasploit
metasploit
SonicWall SMA 100 Series Authenticated Command Injection
2022-01-10 20:43:50
packetstorm
packetstorm
SonicWall SMA 100 Series Authenticated Command Injection
2022-01-13 00:00:00
thn
thn
North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
2023-02-10 11:52:00
SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws
2021-12-09 05:18:00
ics
ics
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
2023-02-09 12:00:00
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
threatpost
threatpost
Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
2021-12-08 19:16:54
Critical SonicWall NAC Vulnerability Stems from Apache Mods
2022-01-11 14:09:21
rapid7blog
rapid7blog
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
2022-01-11 14:00:00
SonicWall Recommends Urgent Patching for GMS and Analytics CVEs
2023-07-13 14:56:13
Metasploit Weekly Wrap-Up
2022-01-14 19:00:29
nessus
nessus
SonicWall Secure Mobile Access Multiple Vulnerabilities (SNWLID-2021-0026)
2021-12-09 00:00:00
cisa
cisa
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
2022-01-28 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.942 High

EPSS

Percentile

99.2%

JSON
Related for NVD:CVE-2021-20038
prion1checkpoint_advisories1githubexploit5cvelist1cisa_kev1cve1nuclei1attackerkb1zdt1metasploit1packetstorm1thn2ics3threatpost2rapid7blog4nessus1cisa1