ID

VAR-202102-0898


CVE

CVE-2021-20016


TITLE

SonicWall SSLVPN SMA100  In the product  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003143

DESCRIPTION

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. SonicWall SSLVPN SMA100 The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company

Trust: 1.8

sources: NVD: CVE-2021-20016 // JVNDB: JVNDB-2021-003143 // VULHUB: VHN-377635 // VULMON: CVE-2021-20016

AFFECTED PRODUCTS

vendor:sonicwallmodel:sma 410scope:eqversion: -

Trust: 1.0

vendor:sonicwallmodel:sma 100scope:ltversion:10.2.0.5-d-29sv

Trust: 1.0

vendor:sonicwallmodel:sma 210scope:eqversion: -

Trust: 1.0

vendor:sonicwallmodel:sma 400scope:eqversion: -

Trust: 1.0

vendor:sonicwallmodel:sma 100scope:gteversion:10.0.0.0

Trust: 1.0

vendor:sonicwallmodel:sma 500vscope:eqversion: -

Trust: 1.0

vendor:sonicwallmodel:sma 200scope:eqversion: -

Trust: 1.0

vendor:sonicwallmodel:sma500vscope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma210scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma200scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma410scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma100scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma400scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003143 // NVD: CVE-2021-20016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20016
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20016
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202102-394
value: CRITICAL

Trust: 0.6

VULHUB: VHN-377635
value: HIGH

Trust: 0.1

VULMON: CVE-2021-20016
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20016
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377635
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20016
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20016
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377635 // VULMON: CVE-2021-20016 // JVNDB: JVNDB-2021-003143 // CNNVD: CNNVD-202102-394 // NVD: CVE-2021-20016

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-377635 // JVNDB: JVNDB-2021-003143 // NVD: CVE-2021-20016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-394

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202102-394

PATCH

title:SNWLID-2021-0001url:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

Trust: 0.8

title:Sonicwall SMA100 SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141126

Trust: 0.6

title:Fireeye Threat Researchurl:https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html

Trust: 0.1

title:Fireeye Threat Researchurl:https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html

Trust: 0.1

sources: VULMON: CVE-2021-20016 // JVNDB: JVNDB-2021-003143 // CNNVD: CNNVD-202102-394

EXTERNAL IDS

db:NVDid:CVE-2021-20016

Trust: 2.6

db:JVNDBid:JVNDB-2021-003143

Trust: 0.8

db:CNNVDid:CNNVD-202102-394

Trust: 0.7

db:VULHUBid:VHN-377635

Trust: 0.1

db:VULMONid:CVE-2021-20016

Trust: 0.1

sources: VULHUB: VHN-377635 // VULMON: CVE-2021-20016 // JVNDB: JVNDB-2021-003143 // CNNVD: CNNVD-202102-394 // NVD: CVE-2021-20016

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0001

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-20016

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html

Trust: 0.1

sources: VULHUB: VHN-377635 // VULMON: CVE-2021-20016 // JVNDB: JVNDB-2021-003143 // CNNVD: CNNVD-202102-394 // NVD: CVE-2021-20016

SOURCES

db:VULHUBid:VHN-377635
db:VULMONid:CVE-2021-20016
db:JVNDBid:JVNDB-2021-003143
db:CNNVDid:CNNVD-202102-394
db:NVDid:CVE-2021-20016

LAST UPDATE DATE

2024-08-14T14:44:32.912000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-377635date:2021-02-08T00:00:00
db:VULMONid:CVE-2021-20016date:2021-02-08T00:00:00
db:JVNDBid:JVNDB-2021-003143date:2021-10-19T07:03:00
db:CNNVDid:CNNVD-202102-394date:2021-02-09T00:00:00
db:NVDid:CVE-2021-20016date:2021-02-08T14:40:46.170

SOURCES RELEASE DATE

db:VULHUBid:VHN-377635date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-20016date:2021-02-04T00:00:00
db:JVNDBid:JVNDB-2021-003143date:2021-10-19T00:00:00
db:CNNVDid:CNNVD-202102-394date:2021-02-04T00:00:00
db:NVDid:CVE-2021-20016date:2021-02-04T06:15:13.817