Details of VAR-202112-0730

ID

VAR-202112-0730

CVE

CVE-2021-20042

TITLE

plural SonicWALL Vulnerability related to external controllable references to other space resources in appliances

Trust: 0.8

sources: JVNDB: JVNDB-2021-016105

DESCRIPTION

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. plural SonicWALL Appliances contain an external controllable reference vulnerability to other space resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States

Trust: 2.16

sources: NVD: CVE-2021-20042 // JVNDB: JVNDB-2021-016105 // CNVD: CNVD-2022-08929

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-08929

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma200	scope:	-	version:	-	Trust: 1.4
vendor:	sonicwall	model:	sma410	scope:	-	version:	-	Trust: 1.4
vendor:	sonicwall	model:	sma500v	scope:	-	version:	-	Trust: 1.4
vendor:	sonicwall	model:	sma400	scope:	-	version:	-	Trust: 1.4
vendor:	sonicwall	model:	sma 410	scope:	eq	version:	9.0.0.11-31sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	eq	version:	9.0.0.11-31sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	eq	version:	9.0.0.11-31sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	eq	version:	9.0.0.11-31sv	Trust: 1.0
vendor:	sonicwall	model:	sma 200	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	eq	version:	9.0.0.11-31sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	eq	version:	10.2.1.1-19sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	eq	version:	10.2.0.8-37sv	Trust: 1.0
vendor:	sonicwall	model:	sma210	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma100	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // NVD: CVE-2021-20042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20042
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-20042
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-08929
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-553
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-20042
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-08929
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20042
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20042
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553 // NVD: CVE-2021-20042

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-441	Trust: 1.0
problemtype:	Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016105 // NVD: CVE-2021-20042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-553

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-553

PATCH

title:	SNWLID-2021-0026	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026	Trust: 0.8
title:	Patch for Unknown Vulnerability in SonicWall SMA100	url:	https://www.cnvd.org.cn/patchInfo/show/318166	Trust: 0.6
title:	SonicWall SMA100 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=173994	Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20042	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-016105	Trust: 0.8
db:	CNVD	id:	CNVD-2022-08929	Trust: 0.6
db:	CS-HELP	id:	SB2021120713	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-553	Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553 // NVD: CVE-2021-20042

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-20042	Trust: 2.0
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026	Trust: 1.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120713	Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553 // NVD: CVE-2021-20042

SOURCES

db:	CNVD	id:	CNVD-2022-08929
db:	JVNDB	id:	JVNDB-2021-016105
db:	CNNVD	id:	CNNVD-202112-553
db:	NVD	id:	CVE-2021-20042

LAST UPDATE DATE

2024-08-14T13:23:03.915000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-08929	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-016105	date:	2022-12-06T08:36:00
db:	CNNVD	id:	CNNVD-202112-553	date:	2023-06-27T00:00:00
db:	NVD	id:	CVE-2021-20042	date:	2023-06-26T19:15:03.807

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-08929	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-016105	date:	2022-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-553	date:	2021-12-07T00:00:00
db:	NVD	id:	CVE-2021-20042	date:	2021-12-08T10:15:08.053