Details of VAR-202210-0910

ID

VAR-202210-0910

CVE

CVE-2021-20030

TITLE

SonicWALL of Global Management System Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018486

DESCRIPTION

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. SonicWALL of Global Management System Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-20030 // JVNDB: JVNDB-2022-018486 // VULHUB: VHN-377649

AFFECTED PRODUCTS

vendor:	sonicwall	model:	global management system	scope:	lt	version:	9.3.2	Trust: 1.0
vendor:	sonicwall	model:	global management system	scope:	eq	version:	9.3.2	Trust: 0.8
vendor:	sonicwall	model:	global management system	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	global management system	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018486 // NVD: CVE-2021-20030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20030
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20030
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-789
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-20030
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20030
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018486 // CNNVD: CNNVD-202210-789 // NVD: CVE-2021-20030

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-377649 // JVNDB: JVNDB-2022-018486 // NVD: CVE-2021-20030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-789

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-789

PATCH

title:

SonicWALL Global Management System Repair measures for path traversal vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210872

Trust: 0.6

sources: CNNVD: CNNVD-202210-789

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20030	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018486	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-789	Trust: 0.6
db:	VULHUB	id:	VHN-377649	Trust: 0.1

sources: VULHUB: VHN-377649 // JVNDB: JVNDB-2022-018486 // CNNVD: CNNVD-202210-789 // NVD: CVE-2021-20030

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0021	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20030	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-20030/	Trust: 0.6

sources: VULHUB: VHN-377649 // JVNDB: JVNDB-2022-018486 // CNNVD: CNNVD-202210-789 // NVD: CVE-2021-20030

SOURCES

db:	VULHUB	id:	VHN-377649
db:	JVNDB	id:	JVNDB-2022-018486
db:	CNNVD	id:	CNNVD-202210-789
db:	NVD	id:	CVE-2021-20030

LAST UPDATE DATE

2024-08-14T14:30:57.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-377649	date:	2022-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-018486	date:	2023-10-20T03:06:00
db:	CNNVD	id:	CNNVD-202210-789	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2021-20030	date:	2022-10-14T16:34:01.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-377649	date:	2022-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-018486	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-789	date:	2022-10-13T00:00:00
db:	NVD	id:	CVE-2021-20030	date:	2022-10-13T11:15:09.747