ID

VAR-202104-0754


CVE

CVE-2021-20020


TITLE

Authentication vulnerability in SonicWall GMS

Trust: 0.8

sources: JVNDB: JVNDB-2021-005378

DESCRIPTION

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. SonicWall GMS contains an authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. SonicWall Global Management System (GMS) is a global management system from the American company SonicWall. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions.

Trust: 2.34

sources: NVD: CVE-2021-20020 // JVNDB: JVNDB-2021-005378 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377639 // VULMON: CVE-2021-20020

AFFECTED PRODUCTS

vendor: sonicwall, model: global management system, scope: eq, version: 9.3

Trust: 1.8

vendor: sonicwall, model: global management system, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005378 // NVD: CVE-2021-20020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20020
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20020
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-632
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-377639
value: HIGH

Trust: 0.1

VULMON: CVE-2021-20020
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20020
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377639
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377639 // VULMON: CVE-2021-20020 // JVNDB: JVNDB-2021-005378 // CNNVD: CNNVD-202104-632 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20020

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-377639 // JVNDB: JVNDB-2021-005378 // NVD: CVE-2021-20020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-632

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202104-632

PATCH

title: SNWLID-2021-0009, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0009

Trust: 0.8

title: SonicWall Global Management System Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147356

Trust: 0.6

sources: JVNDB: JVNDB-2021-005378 // CNNVD: CNNVD-202104-632

EXTERNAL IDS

db: NVD, id: CVE-2021-20020

Trust: 3.4

db: JVNDB, id: JVNDB-2021-005378

Trust: 0.8

db: CNNVD, id: CNNVD-202104-632

Trust: 0.7

db: CS-HELP, id: SB2021041209

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-377639

Trust: 0.1

db: VULMON, id: CVE-2021-20020

Trust: 0.1

sources: VULHUB: VHN-377639 // VULMON: CVE-2021-20020 // JVNDB: JVNDB-2021-005378 // CNNVD: CNNVD-202104-632 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20020

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0009

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-20020

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021041209

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377639 // VULMON: CVE-2021-20020 // JVNDB: JVNDB-2021-005378 // CNNVD: CNNVD-202104-632 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20020

SOURCES

db: VULHUB, id: VHN-377639
db: VULMON, id: CVE-2021-20020
db: JVNDB, id: JVNDB-2021-005378
db: CNNVD, id: CNNVD-202104-632
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-20020

LAST UPDATE DATE

2024-11-23T21:31:01.229000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377639, date: 2021-04-15T00:00:00
db: VULMON, id: CVE-2021-20020, date: 2021-04-15T00:00:00
db: JVNDB, id: JVNDB-2021-005378, date: 2021-12-13T09:08:00
db: CNNVD, id: CNNVD-202104-632, date: 2021-04-16T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-20020, date: 2024-11-21T05:45:47.723

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377639, date: 2021-04-10T00:00:00
db: VULMON, id: CVE-2021-20020, date: 2021-04-10T00:00:00
db: JVNDB, id: JVNDB-2021-005378, date: 2021-12-13T00:00:00
db: CNNVD, id: CNNVD-202104-632, date: 2021-04-10T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-20020, date: 2021-04-10T07:15:10.503