ID
VAR-202109-1777
CVE
CVE-2021-20034
TITLE
Pillow Buffer error vulnerability
Trust: 0.6
DESCRIPTION
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Sonicwall SMA100 is a security access gateway device of American Sonicwall Company. An access control error vulnerability exists in the SonicWall SMA100 Series due to improper access restrictions in the SMA 100 management interface. SonicWall unauthenticated SMA100 arbitrary file delete vulnerability
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | sonicwall | model: | sma 500v | scope: | lte | version: | 10.2.1.0-17sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 200 | scope: | lte | version: | 10.2.1.0-17sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 400 | scope: | lte | version: | 10.2.1.0-17sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 210 | scope: | gte | version: | 10.2.1.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 500v | scope: | gte | version: | 10.2.0.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 410 | scope: | lte | version: | 10.2.1.0-17sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 210 | scope: | lte | version: | 9.0.0.10-28sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 200 | scope: | gte | version: | 10.2.0.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 500v | scope: | lte | version: | 9.0.0.10-28sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 200 | scope: | lte | version: | 9.0.0.10-28sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 400 | scope: | lte | version: | 9.0.0.10-28sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 400 | scope: | gte | version: | 10.2.1.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 210 | scope: | lte | version: | 10.2.0.7-34sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 410 | scope: | lte | version: | 9.0.0.10-28sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 210 | scope: | gte | version: | 10.2.0.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 200 | scope: | gte | version: | 10.2.1.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 410 | scope: | gte | version: | 10.2.1.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 400 | scope: | lte | version: | 10.2.0.7-34sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 200 | scope: | lte | version: | 10.2.0.7-34sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 500v | scope: | lte | version: | 10.2.0.7-34sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 400 | scope: | gte | version: | 10.2.0.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 410 | scope: | lte | version: | 10.2.0.7-34sv | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 410 | scope: | gte | version: | 10.2.0.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 500v | scope: | gte | version: | 10.2.1.0 | Trust: 1.0 |
| vendor: | sonicwall | model: | sma 210 | scope: | lte | version: | 10.2.1.0-17sv | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.1 |
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | CWE-269 | Trust: 0.1 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
EXPLOIT AVAILABILITY
PATCH
| title: | Sonicwall SMA100 Fixes for access control error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164754 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-20034 | Trust: 1.8 |
| db: | PACKETSTORM | id: | 164564 | Trust: 1.7 |
| db: | EXPLOIT-DB | id: | 50430 | Trust: 0.7 |
| db: | CNNVD | id: | CNNVD-202109-1663 | Trust: 0.7 |
| db: | CS-HELP | id: | SB2021041363 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202104-975 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021092406 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-377653 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-20034 | Trust: 0.1 |
REFERENCES
| url: | http://packetstormsecurity.com/files/164564/sonicwall-sma-10.2.1.0-17sv-password-reset.html | Trust: 2.3 |
| url: | https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0021 | Trust: 1.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021041363 | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/50430 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021092406 | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-377653 |
| db: | VULMON | id: | CVE-2021-20034 |
| db: | CNNVD | id: | CNNVD-202104-975 |
| db: | CNNVD | id: | CNNVD-202109-1663 |
| db: | NVD | id: | CVE-2021-20034 |
LAST UPDATE DATE
2024-08-14T12:25:58.888000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-377653 | date: | 2022-07-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-202109-1663 | date: | 2022-07-11T00:00:00 |
| db: | NVD | id: | CVE-2021-20034 | date: | 2022-07-08T18:21:10.883 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-377653 | date: | 2021-09-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-202109-1663 | date: | 2021-09-24T00:00:00 |
| db: | NVD | id: | CVE-2021-20034 | date: | 2021-09-27T18:15:08.327 |