Details of VAR-202112-0426

ID

VAR-202112-0426

CVE

CVE-2021-20043

TITLE

plural SonicWALL Appliance out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-016104

DESCRIPTION

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-20043 // JVNDB: JVNDB-2021-016104

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma 500v	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma200	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma410	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma400	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma500v	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma210	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-016104 // NVD: CVE-2021-20043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20043
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20043
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-552
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-20043
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-20043
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20043
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552 // NVD: CVE-2021-20043

PROBLEMTYPE DATA

problemtype:	CWE-122	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016104 // NVD: CVE-2021-20043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-552

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-552

PATCH

title:	SNWLID-2021-0026	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026	Trust: 0.8
title:	Sonicwall SMA100 Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174192	Trust: 0.6

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20043	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-016104	Trust: 0.8
db:	CS-HELP	id:	SB2021120713	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-552	Trust: 0.6

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552 // NVD: CVE-2021-20043

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20043	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021120713	Trust: 0.6

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552 // NVD: CVE-2021-20043

SOURCES

db:	JVNDB	id:	JVNDB-2021-016104
db:	CNNVD	id:	CNNVD-202112-552
db:	NVD	id:	CVE-2021-20043

LAST UPDATE DATE

2024-08-14T13:23:03.844000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-016104	date:	2022-12-06T08:31:00
db:	CNNVD	id:	CNNVD-202112-552	date:	2021-12-15T00:00:00
db:	NVD	id:	CVE-2021-20043	date:	2021-12-10T18:19:14.460

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-016104	date:	2022-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-552	date:	2021-12-07T00:00:00
db:	NVD	id:	CVE-2021-20043	date:	2021-12-08T10:15:08.100