⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-02-11.
CVE-2021-20038 — Stack-based Buffer Overflow in Sma100
Severity
9.8CRITICALNVD
EPSS
94.3%
top 0.06%
CISA KEV
KEVRansomware
Added 2022-01-28
Due 2022-02-11
Exploit
Exploited in wild
Active exploitation observed
Timeline
PublishedDec 8
KEV addedJan 28
KEV dueFeb 11
CISA Required Action: Apply updates per vendor instructions.
Description
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
▶CVEListV5sonicwall/sonicwall_sma10010.2.0.8-37sv and earlier, 10.2.1.1-19sv and earlier, 10.2.1.2-24sv and earlier+2
🔴Vulnerability Details
3GHSA▶
GHSA-jmhc-vxg9-h2g4: A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attac↗2021-12-09
CVEList▶
CVE-2021-20038: A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attac↗2021-12-08
💥Exploits & PoCs
1Nuclei▶
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution