CVE-2021-20050 — Improper Access Control in Sma100

CWE-284 — Improper Access Control CWE-668 — Resource Exposure3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 61.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall SMA 100 Firmware Sonicwall SMA 200 Firmware Sonicwall SMA 210 Firmware +4 more

Timeline

PublishedDec 23

Latest updateDec 24

Description

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDsonicwall/sma_100_firmware< 10.0.0.0+2

▶CVEListV5sonicwall/sonicwall_sma10010.2.0.8-37sv and earlier, 10.2.1.2-24sv and earlier+1

▶NVDsonicwall/sma_200_firmware< 10.0.0.0+2

▶NVDsonicwall/sma_210_firmware< 10.0.0.0+2

▶NVDsonicwall/sma_400_firmware< 10.0.0.0+2

🔴Vulnerability Details

GHSA

GHSA-v4vg-cx5m-vc5g: An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, pote↗2021-12-24

▶

CVEList

CVE-2021-20050: An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, pote↗2021-12-23

▶