ID

VAR-202112-0731


CVE

CVE-2021-20041


TITLE

Infinite loop vulnerability in multiple SonicWALL appliances

Trust: 0.8

sources: JVNDB: JVNDB-2021-016106

DESCRIPTION

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an infinite loop vulnerability. This may result in a denial-of-service (DoS) condition.

Trust: 1.62

sources: NVD: CVE-2021-20041 // JVNDB: JVNDB-2021-016106

AFFECTED PRODUCTS

vendor: sonicwall, model: sma 410, scope: eq, version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall, model: sma 200, scope: eq, version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall, model: sma 400, scope: eq, version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall, model: sma 500v, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 410, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 200, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 400, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 210, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 500v, scope: eq, version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall, model: sma 200, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 210, scope: eq, version: 9.0.0.11-31sv

Trust: 1.0

vendor: sonicwall, model: sma 400, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 500v, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma 410, scope: eq, version: 10.2.1.1-19sv

Trust: 1.0

vendor: sonicwall, model: sma 210, scope: eq, version: 10.2.0.8-37sv

Trust: 1.0

vendor: sonicwall, model: sma200, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma410, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma400, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma500v, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: sma210, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016106 // NVD: CVE-2021-20041

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-20041
value: HIGH

Trust: 1.0

NVD: CVE-2021-20041
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-554
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2021-20041
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2021-20041
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-20041
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-016106 // CNNVD: CNNVD-202112-554 // NVD: CVE-2021-20041

PROBLEMTYPE DATA

problemtype: CWE-835

Trust: 1.0

problemtype: infinite loop (CWE-835) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016106 // NVD: CVE-2021-20041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-554

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-554

PATCH

title: SNWLID-2021-0026, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Trust: 0.8

title: SonicWall SMA100 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174396

Trust: 0.6

sources: JVNDB: JVNDB-2021-016106 // CNNVD: CNNVD-202112-554

EXTERNAL IDS

db: NVD, id: CVE-2021-20041

Trust: 3.2

db: JVNDB, id: JVNDB-2021-016106

Trust: 0.8

db: CS-HELP, id: SB2021120713

Trust: 0.6

db: CNNVD, id: CNNVD-202112-554

Trust: 0.6

sources: JVNDB: JVNDB-2021-016106 // CNNVD: CNNVD-202112-554 // NVD: CVE-2021-20041

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0026

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-20041

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021120713

Trust: 0.6

sources: JVNDB: JVNDB-2021-016106 // CNNVD: CNNVD-202112-554 // NVD: CVE-2021-20041

SOURCES

db: JVNDB, id: JVNDB-2021-016106
db: CNNVD, id: CNNVD-202112-554
db: NVD, id: CVE-2021-20041

LAST UPDATE DATE

2024-08-14T13:23:03.817000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-016106, date: 2022-12-06T08:41:00
db: CNNVD, id: CNNVD-202112-554, date: 2021-12-15T00:00:00
db: NVD, id: CVE-2021-20041, date: 2021-12-10T21:59:54.930

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-016106, date: 2022-12-06T00:00:00
db: CNNVD, id: CNNVD-202112-554, date: 2021-12-07T00:00:00
db: NVD, id: CVE-2021-20041, date: 2021-12-08T10:15:08.003