Details of VAR-202103-0728

ID

VAR-202103-0728

CVE

CVE-2021-20018

TITLE

SonicWall SMA100 Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004485

DESCRIPTION

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. SonicWall SMA100 Contains an authentication vulnerability.Information may be tampered with. SonicWall SMA100 is a secure access gateway device of SonicWALL in the United States

Trust: 2.16

sources: NVD: CVE-2021-20018 // JVNDB: JVNDB-2021-004485 // CNVD: CNVD-2021-29477

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-29477

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma100	scope:	lte	version:	10.2.0.5	Trust: 1.0
vendor:	sonicwall	model:	sma100	scope:	lte	version:	sma100 firmware 10.2.0.5 and earlier	Trust: 0.8
vendor:	sonicwall	model:	sma100	scope:	eq	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma100	scope:	lte	version:	<=10.2.0.5	Trust: 0.6

sources: CNVD: CNVD-2021-29477 // JVNDB: JVNDB-2021-004485 // NVD: CVE-2021-20018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20018
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20018
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-29477
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-885
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-20018
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-29477
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20018
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20018
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-29477 // JVNDB: JVNDB-2021-004485 // CNNVD: CNNVD-202103-885 // NVD: CVE-2021-20018

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004485 // NVD: CVE-2021-20018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-885

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202103-885

PATCH

title:	SNWLID-2021-0005	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0005	Trust: 0.8
title:	Patch for SonicWall SMA100 authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/259586	Trust: 0.6
title:	Sonicwall SMA100 Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144668	Trust: 0.6

sources: CNVD: CNVD-2021-29477 // JVNDB: JVNDB-2021-004485 // CNNVD: CNNVD-202103-885

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20018	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-004485	Trust: 0.8
db:	CNVD	id:	CNVD-2021-29477	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-885	Trust: 0.6

sources: CNVD: CNVD-2021-29477 // JVNDB: JVNDB-2021-004485 // CNNVD: CNNVD-202103-885 // NVD: CVE-2021-20018

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-20018	Trust: 2.0
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0005	Trust: 1.6

sources: CNVD: CNVD-2021-29477 // JVNDB: JVNDB-2021-004485 // CNNVD: CNNVD-202103-885 // NVD: CVE-2021-20018

SOURCES

db:	CNVD	id:	CNVD-2021-29477
db:	JVNDB	id:	JVNDB-2021-004485
db:	CNNVD	id:	CNNVD-202103-885
db:	NVD	id:	CVE-2021-20018

LAST UPDATE DATE

2024-11-23T22:37:03.586000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-29477	date:	2021-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-004485	date:	2021-11-22T09:10:00
db:	CNNVD	id:	CNNVD-202103-885	date:	2021-03-22T00:00:00
db:	NVD	id:	CVE-2021-20018	date:	2024-11-21T05:45:47.470

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-29477	date:	2021-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-004485	date:	2021-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202103-885	date:	2021-03-12T00:00:00
db:	NVD	id:	CVE-2021-20018	date:	2021-03-13T02:15:12.783