Details of VAR-202106-0812

ID

VAR-202106-0812

CVE

CVE-2021-20019

TITLE

SonicOS Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008479

DESCRIPTION

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. SonicOS Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Sonicwall SonicWall SonicOS is an operating system specially designed for SonicWall firewall devices by SonicWall (Sonicwall) in the United States

Trust: 2.25

sources: NVD: CVE-2021-20019 // JVNDB: JVNDB-2021-008479 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377638

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sonicos	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.5.4.7-83n	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	7.0.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lt	version:	7.0.0.376	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.5.1.12-3n	Trust: 1.0
vendor:	sonicwall	model:	sonicosv	scope:	eq	version:	6.5.4.4-44v-21-955	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.0.5.3-94o	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lt	version:	7.0.1-r1036	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sonicosv	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008479 // NVD: CVE-2021-20019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20019
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20019
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1546
value:	HIGH
Trust: 0.6
VULHUB:	VHN-377638
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20019
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-377638
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-20019
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20019
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-377638 // JVNDB: JVNDB-2021-008479 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1546 // NVD: CVE-2021-20019

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-377638 // JVNDB: JVNDB-2021-008479 // NVD: CVE-2021-20019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1546

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	SNWLID-2021-0006	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0006	Trust: 0.8
title:	SonicWall SonicOS Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155540	Trust: 0.6

sources: JVNDB: JVNDB-2021-008479 // CNNVD: CNNVD-202106-1546

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20019	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-008479	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021062227	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1546	Trust: 0.6
db:	VULHUB	id:	VHN-377638	Trust: 0.1

sources: VULHUB: VHN-377638 // JVNDB: JVNDB-2021-008479 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1546 // NVD: CVE-2021-20019

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0006	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20019	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062227	Trust: 0.6

sources: VULHUB: VHN-377638 // JVNDB: JVNDB-2021-008479 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1546 // NVD: CVE-2021-20019

SOURCES

db:	VULHUB	id:	VHN-377638
db:	JVNDB	id:	JVNDB-2021-008479
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1546
db:	NVD	id:	CVE-2021-20019

LAST UPDATE DATE

2024-08-14T12:08:07.642000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-377638	date:	2022-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-008479	date:	2022-03-17T09:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1546	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-20019	date:	2022-08-05T15:17:24.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-377638	date:	2021-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-008479	date:	2022-03-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1546	date:	2021-06-22T00:00:00
db:	NVD	id:	CVE-2021-20019	date:	2021-06-23T22:15:08.323