CVE-2021-20027

EPSS 0.43%
Published 14.06.2021 23:15:07
Last modified 21.11.2024 05:45:48
Source PSIRT@sonicwall.com
Teams watchlist Login
Open Login

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Sonicwall ≫ Sonicos Version <= 7.0.1-r1262

   Sonicwall ≫ Nsa 2650 Version-
   Sonicwall ≫ Nsa 2700 Version-
   Sonicwall ≫ Nsa 3650 Version-
   Sonicwall ≫ Nsa 3700 Version-
   Sonicwall ≫ Nsa 4650 Version-
   Sonicwall ≫ Nsa 4700 Version-
   Sonicwall ≫ Nsa 5650 Version-
   Sonicwall ≫ Nsa 6650 Version-
   Sonicwall ≫ Nsa 6700 Version-
   Sonicwall ≫ Nsa 9250 Version-
   Sonicwall ≫ Nsa 9450 Version-
   Sonicwall ≫ Nsa 9650 Version-
   Sonicwall ≫ Tz270 Version-
   Sonicwall ≫ Tz270w Version-
   Sonicwall ≫ Tz300 Version-
   Sonicwall ≫ Tz300p Version-
   Sonicwall ≫ Tz300w Version-
   Sonicwall ≫ Tz350 Version-
   Sonicwall ≫ Tz350w Version-
   Sonicwall ≫ Tz370 Version-
   Sonicwall ≫ Tz370w Version-
   Sonicwall ≫ Tz400 Version-
   Sonicwall ≫ Tz400w Version-
   Sonicwall ≫ Tz470 Version-
   Sonicwall ≫ Tz470w Version-
   Sonicwall ≫ Tz500 Version-
   Sonicwall ≫ Tz500w Version-
   Sonicwall ≫ Tz570 Version-
   Sonicwall ≫ Tz570p Version-
   Sonicwall ≫ Tz570w Version-
   Sonicwall ≫ Tz600 Version-
   Sonicwall ≫ Tz600p Version-
   Sonicwall ≫ Tz670 Version-

Sonicwall ≫ Sonicos Version <= 7.0.1-r.1219

   Sonicwall ≫ Nsv 10 Version-
   Sonicwall ≫ Nsv 100 Version-
   Sonicwall ≫ Nsv 1600 Version-
   Sonicwall ≫ Nsv 200 Version-
   Sonicwall ≫ Nsv 25 Version-
   Sonicwall ≫ Nsv 270 Version-
   Sonicwall ≫ Nsv 300 Version-
   Sonicwall ≫ Nsv 400 Version-
   Sonicwall ≫ Nsv 470 Version-
   Sonicwall ≫ Nsv 50 Version-
   Sonicwall ≫ Nsv 800 Version-
   Sonicwall ≫ Nsv 870 Version-

Sonicwall ≫ Sonicos Version <= 7.0.1-r514

   Sonicwall ≫ Nssp 12400 Version-
   Sonicwall ≫ Nssp 12800 Version-
   Sonicwall ≫ Nssp 13700 Version-
   Sonicwall ≫ Nssp 15700 Version-

Sonicwall ≫ Sonicos Version <= 5.9.1.13

   Sonicwall ≫ Nsa 2650 Version-
   Sonicwall ≫ Nsa 2700 Version-
   Sonicwall ≫ Nsa 3650 Version-
   Sonicwall ≫ Nsa 3700 Version-
   Sonicwall ≫ Nsa 4650 Version-
   Sonicwall ≫ Nsa 4700 Version-
   Sonicwall ≫ Nsa 5650 Version-
   Sonicwall ≫ Nsa 6650 Version-
   Sonicwall ≫ Nsa 6700 Version-
   Sonicwall ≫ Nsa 9250 Version-
   Sonicwall ≫ Nsa 9450 Version-
   Sonicwall ≫ Nsa 9650 Version-
   Sonicwall ≫ Soho 250 Version-
   Sonicwall ≫ Soho 250w Version-
   Sonicwall ≫ Tz270 Version-
   Sonicwall ≫ Tz270w Version-
   Sonicwall ≫ Tz300 Version-
   Sonicwall ≫ Tz300p Version-
   Sonicwall ≫ Tz300w Version-
   Sonicwall ≫ Tz350 Version-
   Sonicwall ≫ Tz350w Version-
   Sonicwall ≫ Tz370 Version-
   Sonicwall ≫ Tz370w Version-
   Sonicwall ≫ Tz400 Version-
   Sonicwall ≫ Tz400w Version-
   Sonicwall ≫ Tz470 Version-
   Sonicwall ≫ Tz470w Version-
   Sonicwall ≫ Tz500 Version-
   Sonicwall ≫ Tz500w Version-
   Sonicwall ≫ Tz570 Version-
   Sonicwall ≫ Tz570p Version-
   Sonicwall ≫ Tz570w Version-
   Sonicwall ≫ Tz600 Version-
   Sonicwall ≫ Tz600p Version-
   Sonicwall ≫ Tz670 Version-

Sonicwall ≫ Sonicos Version <= 6.5.1.12

   Sonicwall ≫ Nssp 12400 Version-
   Sonicwall ≫ Nssp 12800 Version-
   Sonicwall ≫ Supermassive 9800 Version-

Sonicwall ≫ Sonicos Version <= 6.5.4.7

   Sonicwall ≫ Nsa 2650 Version-
   Sonicwall ≫ Nsa 2700 Version-
   Sonicwall ≫ Nsa 3650 Version-
   Sonicwall ≫ Nsa 3700 Version-
   Sonicwall ≫ Nsa 4650 Version-
   Sonicwall ≫ Nsa 4700 Version-
   Sonicwall ≫ Nsa 5650 Version-
   Sonicwall ≫ Nsa 6650 Version-
   Sonicwall ≫ Nsa 6700 Version-
   Sonicwall ≫ Nsa 9250 Version-
   Sonicwall ≫ Nsa 9450 Version-
   Sonicwall ≫ Nsa 9650 Version-
   Sonicwall ≫ Soho 250 Version-
   Sonicwall ≫ Soho 250w Version-
   Sonicwall ≫ Supermassive 9200 Version-
   Sonicwall ≫ Supermassive 9400 Version-
   Sonicwall ≫ Supermassive 9600 Version-
   Sonicwall ≫ Tz270 Version-
   Sonicwall ≫ Tz270w Version-
   Sonicwall ≫ Tz300 Version-
   Sonicwall ≫ Tz300p Version-
   Sonicwall ≫ Tz300w Version-
   Sonicwall ≫ Tz350 Version-
   Sonicwall ≫ Tz350w Version-
   Sonicwall ≫ Tz370 Version-
   Sonicwall ≫ Tz370w Version-
   Sonicwall ≫ Tz400 Version-
   Sonicwall ≫ Tz400w Version-
   Sonicwall ≫ Tz470 Version-
   Sonicwall ≫ Tz470w Version-
   Sonicwall ≫ Tz500 Version-
   Sonicwall ≫ Tz500w Version-
   Sonicwall ≫ Tz570 Version-
   Sonicwall ≫ Tz570p Version-
   Sonicwall ≫ Tz570w Version-
   Sonicwall ≫ Tz600 Version-
   Sonicwall ≫ Tz600p Version-
   Sonicwall ≫ Tz670 Version-

Sonicwall ≫ Sonicos

Sonicwall ≫ Sonicos Version <= 6.0.5.3-94o

   Sonicwall ≫ Supermassive E10200 Version-
   Sonicwall ≫ Supermassive E10400 Version-
   Sonicwall ≫ Supermassive E10800 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0016

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2021-20027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20027

EUVD