Sonicwall Sma100 Firmware vulnerabilities

5 known vulnerabilities affecting sonicwall/sma100_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-3450HIGHCVSS 7.4fixed in 10.2.1.0-17sv2021-03-25
CVE-2021-3450 [HIGH] CWE-295 CVE-2021-3450: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation
nvd
CVE-2021-3449MEDIUMCVSS 5.9≥ 10.2.0.0, < 10.2.1.0-17sv2021-03-25
CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2021-20017HIGHCVSS 8.8≤ 10.2.0.52021-03-13
CVE-2021-20017 [HIGH] CWE-78 CVE-2021-20017: A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated att A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
nvd
CVE-2021-20018MEDIUMCVSS 4.9≤ 10.2.0.52021-03-13
CVE-2021-20018 [MEDIUM] CWE-200 CVE-2021-20018: A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuratio A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
nvd
CVE-2020-5132MEDIUMCVSS 5.3v10.2.0.2-20svv12.4.0-22232020-09-30
CVE-2020-5132 [MEDIUM] CWE-200 CVE-2020-5132: SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of
nvd