⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-20039OS Command Injection in Sma100

CWE-78OS Command Injection5 documents5 sources
Severity
8.8HIGHNVD
EPSS
82.5%
top 0.77%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
6
Sonicwall Sma100Sonicwall SMA 200 FirmwareSonicwall SMA 210 Firmware+3 more
Timeline
PublishedDec 8
Latest updateJan 26

Description

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5sonicwall/sonicwall_sma1004 versions+3
NVDsonicwall/sma_500v_firmware10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv+2
NVDsonicwall/sma_200_firmware10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv+2
NVDsonicwall/sma_210_firmware10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv+2
NVDsonicwall/sma_400_firmware10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv+2

🔴Vulnerability Details

3
GHSA
GHSA-58fc-493g-jfwj: Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated atta2021-12-09
CVEList
CVE-2021-20039: Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated atta2021-12-08
VulnCheck
SonicWall sma_200_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2021

🔍Detection Rules

1
Suricata
ET EXPLOIT SonicWall SMA Authenticated Command Injection Attempt CVE-2021-200392022-01-26
CVE-2021-20039 — OS Command Injection in Sma100 | cvebase