Vulnerabilites related to sonicwall - sma500v
var-202112-0389
Vulnerability from variot
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL The appliance has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"cve": "CVE-2021-20039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20039",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20039",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20039",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20039",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20039",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-556",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of special elements in the SMA100 management interface \u0027/cgi-bin/viewcert\u0027 POST http method allows a remote authenticated attacker to inject arbitrary commands as a \u0027nobody\u0027 user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL The appliance has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20039"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20039",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "165563",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016108",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"id": "VAR-202112-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Repair measures for operating system command injection vulnerability in operating system",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173997"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/165563/sonicwall-sma-100-series-authenticated-command-injection.html"
},
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20039"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"date": "2021-12-08T10:15:07.903000",
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:54:00",
"db": "JVNDB",
"id": "JVNDB-2021-016108"
},
{
"date": "2022-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-556"
},
{
"date": "2022-04-01T15:27:07.097000",
"db": "NVD",
"id": "CVE-2021-20039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 in the appliance \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-556"
}
],
"trust": 0.6
}
}
var-202110-1958
Vulnerability from variot
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. SMA100 The series has an unspecified vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1958",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma100",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"cve": "CVE-2021-20050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20050",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20050",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20050",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20050",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2135",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. SMA100 The series has an unspecified vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20050",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021122102",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20050",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"id": "VAR-202110-1958",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.85
},
"last_update_date": "2024-08-14T15:11:43.064000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0031",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
},
{
"title": "Sonicwall SMA100 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=177008"
},
{
"title": "CVE-2021-22005_PoC",
"trust": 0.1,
"url": "https://github.com/RedTeamExp/CVE-2021-22005_PoC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0031"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20050"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122102"
},
{
"trust": 0.1,
"url": "https://github.com/redteamexp/cve-2021-22005_poc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"date": "2021-12-23T02:15:06.637000",
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-27T04:40:00",
"db": "JVNDB",
"id": "JVNDB-2021-016938"
},
{
"date": "2022-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2135"
},
{
"date": "2022-10-21T20:03:35.393000",
"db": "NVD",
"id": "CVE-2021-20050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMA100\u00a0 Vulnerability in series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016938"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2135"
}
],
"trust": 0.6
}
}
var-202112-0731
Vulnerability from variot
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"cve": "CVE-2021-20041",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20041",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20041",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20041",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20041",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20041",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-554",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated and remote adversary can consume all of the device\u0027s CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20041"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20041",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016106",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"id": "VAR-202112-0731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "SonicWall SMA100 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174396"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "infinite loop (CWE-835) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20041"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"date": "2021-12-08T10:15:08.003000",
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:41:00",
"db": "JVNDB",
"id": "JVNDB-2021-016106"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-554"
},
{
"date": "2021-12-10T21:59:54.930000",
"db": "NVD",
"id": "CVE-2021-20041"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Infinite loop vulnerability in appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016106"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-554"
}
],
"trust": 0.6
}
}
var-202112-0425
Vulnerability from variot
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0425",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"cve": "CVE-2021-20044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20044",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20044",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20044",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20044",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20044",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-551",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20044",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016103",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"id": "VAR-202112-0425",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.770000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173992"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20044"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"date": "2021-12-08T10:15:08.150000",
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2021-016103"
},
{
"date": "2021-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-551"
},
{
"date": "2021-12-10T18:12:57.647000",
"db": "NVD",
"id": "CVE-2021-20044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 in the appliance \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-551"
}
],
"trust": 0.6
}
}
var-202112-0424
Vulnerability from variot
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"cve": "CVE-2021-20045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20045",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20045",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20045",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20045",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-550",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the \u0027nobody\u0027 user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20045",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016101",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"id": "VAR-202112-0424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "SonicWall SMA100 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173991"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20045"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"date": "2021-12-08T10:15:08.200000",
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T07:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-016101"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-550"
},
{
"date": "2021-12-10T18:04:37.307000",
"db": "NVD",
"id": "CVE-2021-20045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Appliance Classic Buffer Overflow Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016101"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-550"
}
],
"trust": 0.6
}
}
var-202312-0929
Vulnerability from variot
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0929",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"cve": "CVE-2023-5970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-5970",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-5970",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-5970",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-5970",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5970"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5970",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019948",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"id": "VAR-202312-0929",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T15:10:24.868000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5970"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"date": "2023-12-05T21:15:07.667000",
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T05:57:00",
"db": "JVNDB",
"id": "JVNDB-2023-019948"
},
{
"date": "2023-12-13T15:32:02.247000",
"db": "NVD",
"id": "CVE-2023-5970"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019948"
}
],
"trust": 0.8
}
}
var-202112-1591
Vulnerability from variot
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 Exists in observable mismatch vulnerabilities.Information may be obtained. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States.
The SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma100",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 100",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 200",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"cve": "CVE-2021-20049",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20049",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-06907",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20049",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20049",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20049",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20049",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-06907",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2137",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20049",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 Exists in observable mismatch vulnerabilities.Information may be obtained. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States. \n\r\n\r\nThe SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20049",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-06907",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122102",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20049",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"id": "VAR-202112-1591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
}
]
},
"last_update_date": "2024-08-14T15:11:43.089000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0030",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
},
{
"title": "Patch for SonicWall SMA100 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/316326"
},
{
"title": "SonicWall SMA100 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177009"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "CWE-204",
"trust": 1.0
},
{
"problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20049"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0030"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122102"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"date": "2022-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"date": "2021-12-23T02:15:06.583000",
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"date": "2022-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20049"
},
{
"date": "2022-12-27T04:44:00",
"db": "JVNDB",
"id": "JVNDB-2021-016940"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2137"
},
{
"date": "2022-07-08T18:20:05.127000",
"db": "NVD",
"id": "CVE-2021-20049"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall SMA100 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06907"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2137"
}
],
"trust": 0.6
}
}
var-202112-0361
Vulnerability from variot
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.2-24sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"cve": "CVE-2021-20038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20038",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20038",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20038",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20038",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-557",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-20038",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server\u0027s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a \u0027nobody\u0027 user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "VULMON",
"id": "CVE-2021-20038"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20038",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20038",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"id": "VAR-202112-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.889000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174193"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExploitPwner/CVE-2021-20038-Mass-RCE-SonicWall "
},
{
"title": "nmap-scripts",
"trust": 0.1,
"url": "https://github.com/S3ntinelX/nmap-scripts "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/XmasSnowREAL/CVE-2021-20038-Mass-RCE "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExploitPwner/CVE-2021-20038-Mass-RCE "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/attackers-now-actively-targeting-critical-sonicwall-rce-bug/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/01/11/sonicwall_multiple_vulns/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-sonicwall-vpn-bugs-appliance-takeover/176869/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.7,
"url": "https://github.com/jbaines-r7/badblood"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/exploitpwner/cve-2021-20038-mass-rce-sonicwall"
},
{
"trust": 0.1,
"url": "https://github.com/s3ntinelx/nmap-scripts"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/sonicwall-nac-vulnerability-apache-mods/177529/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"date": "2021-12-08T10:15:07.750000",
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20038"
},
{
"date": "2022-12-06T09:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-016109"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-557"
},
{
"date": "2022-05-13T14:54:32.797000",
"db": "NVD",
"id": "CVE-2021-20038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Appliance out-of-bounds write vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016109"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-557"
}
],
"trust": 0.6
}
}
var-202312-2070
Vulnerability from variot
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-2070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.9-57sv"
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"cve": "CVE-2023-44221",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-44221",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-44221",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44221",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44221",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a \u0027nobody\u0027 user, potentially leading to OS Command Injection Vulnerability. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44221"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44221",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019954",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"id": "VAR-202312-2070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T14:30:06.522000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44221"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"date": "2023-12-05T21:15:07.150000",
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-15T05:59:00",
"db": "JVNDB",
"id": "JVNDB-2023-019954"
},
{
"date": "2023-12-13T15:33:56.183000",
"db": "NVD",
"id": "CVE-2023-44221"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019954"
}
],
"trust": 0.8
}
}
var-202112-0426
Vulnerability from variot
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"cve": "CVE-2021-20043",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20043",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20043",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20043",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20043",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20043",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-552",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20043"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20043",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016104",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"id": "VAR-202112-0426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174192"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20043"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"date": "2021-12-08T10:15:08.100000",
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016104"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-552"
},
{
"date": "2021-12-10T18:19:14.460000",
"db": "NVD",
"id": "CVE-2021-20043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Appliance out-of-bounds write vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016104"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-552"
}
],
"trust": 0.6
}
}
var-202204-1365
Vulnerability from variot
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. sra 1200 firmware, sra 4200 firmware, SMA210 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1365",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sra 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sra 4200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 410",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.10-28sv"
},
{
"model": "sma 500v",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.10-28sv"
},
{
"model": "sma 210",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.10-28sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 1200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 4200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"cve": "CVE-2022-22279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-22279",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-22279",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22279",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22279",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22279",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22279",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. sra 1200 firmware, sra 4200 firmware, SMA210 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "VULMON",
"id": "CVE-2022-22279"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22279",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022041325",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22279",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"id": "VAR-202204-1365",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2024-11-23T23:03:52.990000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sonicwall SonicWall SSLVPN Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247257"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "CWE-23",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0006"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22279"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22279/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041325"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"date": "2023-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"date": "2022-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"date": "2022-04-13T06:15:07.177000",
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22279"
},
{
"date": "2023-07-26T08:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-008412"
},
{
"date": "2023-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3327"
},
{
"date": "2024-11-21T06:46:33.013000",
"db": "NVD",
"id": "CVE-2022-22279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3327"
}
],
"trust": 0.6
}
}
var-202203-0661
Vulnerability from variot
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sra 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sra 4200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sra 4600",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sra 1600",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.5-19sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.9-26sv"
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 1600",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 4200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 4600",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sra 1200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"cve": "CVE-2022-22273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22273",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22273",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-22273",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1558",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-22273",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "VULMON",
"id": "CVE-2022-22273"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22273",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022032427",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22273",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"id": "VAR-202203-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-11-23T23:10:56.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWall SSLVPN Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187035"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0001"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22273"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22273/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032427"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"date": "2023-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"date": "2022-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"date": "2022-03-17T02:15:06.567000",
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22273"
},
{
"date": "2023-07-12T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-007210"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1558"
},
{
"date": "2024-11-21T06:46:32.127000",
"db": "NVD",
"id": "CVE-2022-22273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1558"
}
],
"trust": 0.6
}
}
var-202112-0730
Vulnerability from variot
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an external controllable reference vulnerability to other space resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0730",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma200",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 1.4,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "9.0.0.11-31sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma100",
"scope": null,
"trust": 0.6,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"cve": "CVE-2021-20042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20042",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08929",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20042",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20042",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20042",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20042",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-08929",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-553",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an external controllable reference vulnerability to other space resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20042"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNVD",
"id": "CNVD-2022-08929"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20042",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08929",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"id": "VAR-202112-0730",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
}
]
},
"last_update_date": "2024-08-14T13:23:03.915000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Patch for Unknown Vulnerability in SonicWall SMA100",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/318166"
},
{
"title": "SonicWall SMA100 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=173994"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-441",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20042"
},
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"date": "2021-12-08T10:15:08.053000",
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08929"
},
{
"date": "2022-12-06T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-016105"
},
{
"date": "2023-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-553"
},
{
"date": "2023-06-26T19:15:03.807000",
"db": "NVD",
"id": "CVE-2021-20042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Vulnerability related to external controllable references to other space resources in appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016105"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-553"
}
],
"trust": 0.6
}
}
var-202208-2082
Vulnerability from variot
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 400",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 200",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 500v",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 410",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma 210",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.5-34sv"
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"cve": "CVE-2022-2915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-2915",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2915",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2915",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2915",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4247",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "VULMON",
"id": "CVE-2022-2915"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2915",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2915",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"id": "VAR-202208-2082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T15:37:27.532000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL SMA100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207790"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0019"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2915"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2915/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"date": "2022-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"date": "2022-08-26T21:15:08.867000",
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2915"
},
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-015995"
},
{
"date": "2022-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4247"
},
{
"date": "2022-09-01T19:27:14.893000",
"db": "NVD",
"id": "CVE-2022-2915"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4247"
}
],
"trust": 0.6
}
}
var-202102-0898
Vulnerability from variot
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0898",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma 100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.5-d-29sv"
},
{
"model": "sma 100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.0.0"
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma100",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"cve": "CVE-2021-20016",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377635",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20016",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20016",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20016",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-20016",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-394",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377635",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20016",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-377635",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-20016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"id": "VAR-202102-0898",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
}
],
"trust": 0.95
},
"last_update_date": "2024-11-23T22:54:54.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0001",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001"
},
{
"title": "Sonicwall SMA100 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141126"
},
{
"title": "Fireeye Threat Research",
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
},
{
"title": "Fireeye Threat Research",
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20016"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377635"
},
{
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-377635"
},
{
"date": "2021-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"date": "2021-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"date": "2021-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"date": "2021-02-04T06:15:13.817000",
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-377635"
},
{
"date": "2021-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20016"
},
{
"date": "2021-10-19T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-003143"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-394"
},
{
"date": "2024-11-21T05:45:47.220000",
"db": "NVD",
"id": "CVE-2021-20016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall\u00a0SSLVPN\u00a0SMA100\u00a0 In the product \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-394"
}
],
"trust": 0.6
}
}
var-202112-0732
Vulnerability from variot
A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliance contains a path traversal vulnerability.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0732",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 200",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 400",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 500v",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma 410",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.1-19sv"
},
{
"model": "sma 210",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.8-37sv"
},
{
"model": "sma200",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma410",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma400",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma500v",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "sma210",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"cve": "CVE-2021-20040",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20040",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20040",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20040",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20040",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20040",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-555",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a \u0027nobody\u0027 user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliance contains a path traversal vulnerability.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20040"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20040",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016107",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021120713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"id": "VAR-202112-0732",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9375
},
"last_update_date": "2024-08-14T13:23:03.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SNWLID-2021-0026",
"trust": 0.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
},
{
"title": "Sonicwall SMA100 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173996"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-23",
"trust": 1.0
},
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20040"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"date": "2021-12-08T10:15:07.953000",
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-06T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-016107"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-555"
},
{
"date": "2021-12-10T22:11:11.603000",
"db": "NVD",
"id": "CVE-2021-20040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SonicWALL\u00a0 Path Traversal Vulnerability in Appliances",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016107"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-555"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2021-12-23 02:15
Modified
2024-11-21 05:45
Severity ?
Summary
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | sma_100_firmware | * | |
| sonicwall | sma_100_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_100_firmware | 10.2.1.2-24sv | |
| sonicwall | sma100 | - | |
| sonicwall | sma_200_firmware | * | |
| sonicwall | sma_200_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_200_firmware | 10.2.1.2-24sv | |
| sonicwall | sma200 | - | |
| sonicwall | sma_210_firmware | * | |
| sonicwall | sma_210_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_210_firmware | 10.2.1.2-24sv | |
| sonicwall | sma210 | - | |
| sonicwall | sma_400_firmware | * | |
| sonicwall | sma_400_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_400_firmware | 10.2.1.2-24sv | |
| sonicwall | sma400 | - | |
| sonicwall | sma_410_firmware | * | |
| sonicwall | sma_410_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_410_firmware | 10.2.1.2-24sv | |
| sonicwall | sma410 | - | |
| sonicwall | sma_500v_firmware | * | |
| sonicwall | sma_500v_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_500v_firmware | 10.2.1.2-24sv | |
| sonicwall | sma500v | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A02AA5-1A61-429B-B0B3-898636C4B563",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "87A26093-E966-4EBA-AA58-2C98499B9165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "01134E66-F1FD-477B-AD44-FDEE8368BE18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4892669-DD8A-4A28-B6AA-632A8DA861AC",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "B38AAB98-7668-4F34-8D5F-9933422F12DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AC3454-D403-4989-81F3-9DD7608967AA",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "54946A90-09AC-4387-BACB-883AE70FD5A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0EF9C5-685E-49A4-ABFE-302781111753",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42AE0158-515A-4565-B814-27AEAD941304",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE054F5-87E5-4DF5-9CD8-BF39428A092F",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "9395563D-9071-4CE2-BAEA-D6854F4AD961",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF52AAE-592C-4472-866C-7776ADBA5E93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inapropiado en la serie SMA100 conlleva a que varias API de administraci\u00f3n restringidas sean accesibles sin un inicio de sesi\u00f3n de usuario, exponiendo potencialmente los metadatos de configuraci\u00f3n"
}
],
"id": "CVE-2021-20050",
"lastModified": "2024-11-21T05:45:51.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T02:15:06.637",
"references": [
{
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
}
],
"sourceIdentifier": "PSIRT@sonicwall.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "PSIRT@sonicwall.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 02:15
Modified
2024-11-21 05:45
Severity ?
Summary
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | sma_100_firmware | * | |
| sonicwall | sma_100_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_100_firmware | 10.2.1.2-24sv | |
| sonicwall | sma100 | - | |
| sonicwall | sma_200_firmware | * | |
| sonicwall | sma_200_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_200_firmware | 10.2.1.2-24sv | |
| sonicwall | sma200 | - | |
| sonicwall | sma_210_firmware | * | |
| sonicwall | sma_210_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_210_firmware | 10.2.1.2-24sv | |
| sonicwall | sma210 | - | |
| sonicwall | sma_400_firmware | * | |
| sonicwall | sma_400_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_400_firmware | 10.2.1.2-24sv | |
| sonicwall | sma400 | - | |
| sonicwall | sma_410_firmware | * | |
| sonicwall | sma_410_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_410_firmware | 10.2.1.2-24sv | |
| sonicwall | sma410 | - | |
| sonicwall | sma_500v_firmware | * | |
| sonicwall | sma_500v_firmware | 10.2.0.8-37sv | |
| sonicwall | sma_500v_firmware | 10.2.1.2-24sv | |
| sonicwall | sma500v | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A02AA5-1A61-429B-B0B3-898636C4B563",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "87A26093-E966-4EBA-AA58-2C98499B9165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "01134E66-F1FD-477B-AD44-FDEE8368BE18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4892669-DD8A-4A28-B6AA-632A8DA861AC",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "B38AAB98-7668-4F34-8D5F-9933422F12DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AC3454-D403-4989-81F3-9DD7608967AA",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "54946A90-09AC-4387-BACB-883AE70FD5A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0EF9C5-685E-49A4-ABFE-302781111753",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42AE0158-515A-4565-B814-27AEAD941304",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE054F5-87E5-4DF5-9CD8-BF39428A092F",
"versionEndExcluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
"matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
"matchCriteriaId": "9395563D-9071-4CE2-BAEA-D6854F4AD961",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF52AAE-592C-4472-866C-7776ADBA5E93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la API de cambio de contrase\u00f1a de SonicWall SMA100, permite a un atacante remoto no autenticado llevar a cabo una enumeraci\u00f3n de nombres de usuario de SMA100 bas\u00e1ndose en las respuestas del servidor. Esta vulnerabilidad afecta a las versiones 10.2.1.2-24sv, 10.2.0.8-37sv y versiones anteriores 10.x"
}
],
"id": "CVE-2021-20049",
"lastModified": "2024-11-21T05:45:51.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T02:15:06.583",
"references": [
{
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
}
],
"sourceIdentifier": "PSIRT@sonicwall.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "PSIRT@sonicwall.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-20049 (GCVE-0-2021-20049)
Vulnerability from cvelistv5
Published
2021-12-23 01:20
Modified
2024-08-03 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Observable Response Discrepancy
Summary
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SonicWall | SonicWall SMA100 |
Version: 10.2.0.8-37sv and earlier Version: 10.2.1.2-24sv and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.0.8-37sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.2-24sv and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T01:20:09",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall SMA100",
"version": {
"version_data": [
{
"version_value": "10.2.0.8-37sv and earlier"
},
{
"version_value": "10.2.1.2-24sv and earlier"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204: Observable Response Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2021-20049",
"datePublished": "2021-12-23T01:20:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20050 (GCVE-0-2021-20050)
Vulnerability from cvelistv5
Published
2021-12-23 01:20
Modified
2024-08-03 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SonicWall | SonicWall SMA100 |
Version: 10.2.0.8-37sv and earlier Version: 10.2.1.2-24sv and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.0.8-37sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.2-24sv and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T01:20:11",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall SMA100",
"version": {
"version_data": [
{
"version_value": "10.2.0.8-37sv and earlier"
},
{
"version_value": "10.2.1.2-24sv and earlier"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2021-20050",
"datePublished": "2021-12-23T01:20:11",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}