ID

VAR-202112-0730


CVE

CVE-2021-20042


TITLE

Externally controlled reference to a resource in another sphere vulnerability in multiple SonicWALL appliances

Trust: 0.8

sources: JVNDB: JVNDB-2021-016105

DESCRIPTION

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an externally controlled reference to a resource in another sphere. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SonicWall SMA100 is a secure access gateway device from SonicWall, a company in the United States.

Trust: 2.16

sources: NVD: CVE-2021-20042 // JVNDB: JVNDB-2021-016105 // CNVD: CNVD-2022-08929

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08929

AFFECTED PRODUCTS

vendor: sonicwall model: sma200 scope: - version: -

Trust: 1.4

vendor: sonicwall model: sma410 scope: - version: -

Trust: 1.4

vendor: sonicwall model: sma500v scope: - version: -

Trust: 1.4

vendor: sonicwall model: sma400 scope: - version: -

Trust: 1.4

vendor: sonicwall model: sma 410 scope: eq version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall model: sma 200 scope: eq version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall model: sma 400 scope: eq version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall model: sma 500v scope: eq version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall model: sma 410 scope: eq version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall model: sma 200 scope: eq version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall model: sma 400 scope: eq version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall model: sma 210 scope: eq version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall model: sma 500v scope: eq version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall model: sma 200 scope: eq version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall model: sma 210 scope: eq version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall model: sma 400 scope: eq version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall model: sma 500v scope: eq version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall model: sma 410 scope: eq version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall model: sma 210 scope: eq version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall model: sma210 scope: - version: -

Trust: 0.8

vendor: sonicwall model: sma100 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // NVD: CVE-2021-20042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20042
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20042
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-08929
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-553
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-20042
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-08929
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-20042
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20042
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553 // NVD: CVE-2021-20042

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-441

Trust: 1.0

problemtype: Externally controlled reference to a resource in another sphere (CWE-610) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016105 // NVD: CVE-2021-20042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-553

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-553

PATCH

title: SNWLID-2021-0026 url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Trust: 0.8

title: Patch for Unknown Vulnerability in SonicWall SMA100 url: https://www.cnvd.org.cn/patchInfo/show/318166

Trust: 0.6

title: SonicWall SMA100 Security vulnerabilities url: http://123.124.177.30/web/xxk/bdxqById.tag?id=173994

Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553

EXTERNAL IDS

db: NVD id: CVE-2021-20042

Trust: 3.8

db: JVNDB id: JVNDB-2021-016105

Trust: 0.8

db: CNVD id: CNVD-2022-08929

Trust: 0.6

db: CS-HELP id: SB2021120713

Trust: 0.6

db: CNNVD id: CNNVD-202112-553

Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553 // NVD: CVE-2021-20042

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-20042

Trust: 2.0

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026

Trust: 1.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120713

Trust: 0.6

sources: CNVD: CNVD-2022-08929 // JVNDB: JVNDB-2021-016105 // CNNVD: CNNVD-202112-553 // NVD: CVE-2021-20042

SOURCES

db: CNVD id: CNVD-2022-08929
db: JVNDB id: JVNDB-2021-016105
db: CNNVD id: CNNVD-202112-553
db: NVD id: CVE-2021-20042

LAST UPDATE DATE

2024-08-14T13:23:03.915000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2022-08929 date: 2022-02-09T00:00:00
db: JVNDB id: JVNDB-2021-016105 date: 2022-12-06T08:36:00
db: CNNVD id: CNNVD-202112-553 date: 2023-06-27T00:00:00
db: NVD id: CVE-2021-20042 date: 2023-06-26T19:15:03.807

SOURCES RELEASE DATE

db: CNVD id: CNVD-2022-08929 date: 2022-02-09T00:00:00
db: JVNDB id: JVNDB-2021-016105 date: 2022-12-06T00:00:00
db: CNNVD id: CNNVD-202112-553 date: 2021-12-07T00:00:00
db: NVD id: CVE-2021-20042 date: 2021-12-08T10:15:08.053