8.8
CVE-2021-20043
- EPSS 1.23%
- Published 08.12.2021 10:15:08
- Last modified 21.11.2024 05:45:50
- Source PSIRT@sonicwall.com
- Teams watchlist Login
- Open Login
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Data is provided by the National Vulnerability Database (NVD)
Sonicwall ≫ Sma 200 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 200 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 210 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 210 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 410 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 410 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 400 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 400 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 500v Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 500v Firmware Version10.2.1.1-19sv
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.23% | 0.784 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.