CVE-2021-20031
published 2021-10-12CVE-2021-20031: A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
PriorityP344medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
13.04%
95.9th percentile
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | <= 7.0.1-r1262 | — |
| sonicwall | sonicos | <= 7.0.1-r1283 | — |
| sonicwall | sonicos | <= 7.0.1-r579 | — |
| sonicwall | sonicos | <= 6.5.4.7 | — |
| sonicwall | sonicos | <= 6.5.1.12 | — |
| sonicwall | sonicos | <= 6.0.5.3-94o | — |
| sonicwall | sonicos | <= 5.9.1.13 | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Sonicwall SonicOS 7.0 - Host Header Injection
exploitdb·2021-10-13·CVSS 6.1
CVE-2021-20031 [MEDIUM] Sonicwall SonicOS 7.0 - Host Header Injection
Sonicwall SonicOS 7.0 - Host Header Injection
---
# Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection
# Google Dork: inurl:"auth.html" intitle:"SonicWall"
# intitle:"SonicWall Analyzer Login"
# Discovered Date: 03/09/2020
# Reported Date: 07/09/2020
# Exploit Author: Ramikan
# Vendor Homepage:sonicwall.com
# Affected Devices: All SonicWall Next Gen 6 Devices
# Tested On: SonicWall NAS 6.2.5
# Affected Version: All SonicWall Next Gen 6 Devices till 6.5.3
# Fixed Version:Gen6 firmware 6.5.4.8-89n
# CVE : CVE-2021-20031
# CVSS v3:5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
# Category:Hardware, Web Apps
# Reference : https://github.com/Ramikan/Vulnerabilities/
Vulnerability 1: Host Header Injection
Description:
A Host Header Injection vulnerability may allow an attacker to spoof
Nuclei
SonicWall SonicOS 7.0 - Open Redirect
nuclei·CVSS 6.1
CVE-2021-20031 [MEDIUM] SonicWall SonicOS 7.0 - Open Redirect
SonicWall SonicOS 7.0 - Open Redirect
SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations. and/or possibly redirect a user to a malicious site.
Template:
id: CVE-2021-20031
info:
name: SonicWall SonicOS 7.0 - Open Redirect
author: gy741
severity: medium
description: SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorize
No writeups or analysis indexed.
http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019
2021-10-12
Published