Details of VAR-202109-0375

ID

VAR-202109-0375

CVE

CVE-2021-20035

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company. An operating system command injection vulnerability exists in the SonicWall SMA100 series due to improper input validation in the SMA100 management interface

Trust: 1.62

sources: NVD: CVE-2021-20035 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377654 // VULMON: CVE-2021-20035

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma 500v	scope:	lte	version:	10.2.1.0-17sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	lte	version:	10.2.1.0-17sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	lte	version:	10.2.1.0-17sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	gte	version:	10.2.1.0	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	gte	version:	10.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	lte	version:	10.2.1.0-17sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	lte	version:	9.0.0.10-28sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	gte	version:	10.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	lte	version:	9.0.0.10-28sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	lte	version:	9.0.0.10-28sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	lte	version:	9.0.0.10-28sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	gte	version:	10.2.1.0	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	lte	version:	10.2.0.7-34sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	lte	version:	9.0.0.10-28sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	gte	version:	10.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	gte	version:	10.2.1.0	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	gte	version:	10.2.1.0	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	lte	version:	10.2.0.7-34sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	lte	version:	10.2.0.7-34sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	lte	version:	10.2.0.7-34sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	gte	version:	10.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	lte	version:	10.2.0.7-34sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	gte	version:	10.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	gte	version:	10.2.1.0	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	lte	version:	10.2.1.0-17sv	Trust: 1.0

sources: NVD: CVE-2021-20035

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20035
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1662
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-377654
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20035
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-377654
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-20035
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-377654 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1662 // NVD: CVE-2021-20035

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.1

sources: VULHUB: VHN-377654 // NVD: CVE-2021-20035

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1662

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Sonicwall SMA100 Fixes for operating system command injection vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164753

Trust: 0.6

sources: CNNVD: CNNVD-202109-1662

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20035	Trust: 1.8
db:	CNNVD	id:	CNNVD-202109-1662	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092405	Trust: 0.6
db:	VULHUB	id:	VHN-377654	Trust: 0.1
db:	VULMON	id:	CVE-2021-20035	Trust: 0.1

sources: VULHUB: VHN-377654 // VULMON: CVE-2021-20035 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1662 // NVD: CVE-2021-20035

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0022	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092405	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20035	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-377654 // VULMON: CVE-2021-20035 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1662 // NVD: CVE-2021-20035

SOURCES

db:	VULHUB	id:	VHN-377654
db:	VULMON	id:	CVE-2021-20035
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1662
db:	NVD	id:	CVE-2021-20035

LAST UPDATE DATE

2024-08-14T12:55:20.046000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-377654	date:	2021-10-06T00:00:00
db:	VULMON	id:	CVE-2021-20035	date:	2021-09-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1662	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-20035	date:	2021-10-06T17:29:36.947

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-377654	date:	2021-09-27T00:00:00
db:	VULMON	id:	CVE-2021-20035	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1662	date:	2021-09-24T00:00:00
db:	NVD	id:	CVE-2021-20035	date:	2021-09-27T18:15:08.383