ID

VAR-202112-0426


CVE

CVE-2021-20043


TITLE

Out-of-bounds write vulnerability in multiple SonicWALL appliances

Trust: 0.8

sources: JVNDB: JVNDB-2021-016104

DESCRIPTION

A heap-based buffer overflow vulnerability in the SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.62

sources: NVD: CVE-2021-20043 // JVNDB: JVNDB-2021-016104

AFFECTED PRODUCTS

vendor: sonicwall, model: sma 500v, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 410, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 400, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 200, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 210, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 200, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 400, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 500v, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 410, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 210, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma200, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma410, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma400, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma500v, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma210, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016104 // NVD: CVE-2021-20043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20043
value: HIGH

Trust: 1.0

NVD: CVE-2021-20043
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-552
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-20043
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-20043
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20043
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552 // NVD: CVE-2021-20043

PROBLEMTYPE DATA

problemtype: CWE-122

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016104 // NVD: CVE-2021-20043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-552

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-552

PATCH

title: SNWLID-2021-0026, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Trust: 0.8

title: Sonicwall SMA100 Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174192

Trust: 0.6

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552

EXTERNAL IDS

db: NVD, id: CVE-2021-20043

Trust: 3.2

db: JVNDB, id: JVNDB-2021-016104

Trust: 0.8

db: CS-HELP, id: SB2021120713

Trust: 0.6

db: CNNVD, id: CNNVD-202112-552

Trust: 0.6

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552 // NVD: CVE-2021-20043

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-20043

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021120713

Trust: 0.6

sources: JVNDB: JVNDB-2021-016104 // CNNVD: CNNVD-202112-552 // NVD: CVE-2021-20043

SOURCES

db: JVNDB, id: JVNDB-2021-016104
db: CNNVD, id: CNNVD-202112-552
db: NVD, id: CVE-2021-20043

LAST UPDATE DATE

2024-08-14T13:23:03.844000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-016104, date: 2022-12-06T08:31:00
db: CNNVD, id: CNNVD-202112-552, date: 2021-12-15T00:00:00
db: NVD, id: CVE-2021-20043, date: 2021-12-10T18:19:14.460

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-016104, date: 2022-12-06T00:00:00
db: CNNVD, id: CNNVD-202112-552, date: 2021-12-07T00:00:00
db: NVD, id: CVE-2021-20043, date: 2021-12-08T10:15:08.100