9
CVE-2021-20044
- EPSS 6.25%
- Published 08.12.2021 10:15:08
- Last modified 21.11.2024 05:45:50
- Source PSIRT@sonicwall.com
- Teams watchlist Login
- Open Login
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Data is provided by the National Vulnerability Database (NVD)
Sonicwall ≫ Sma 200 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 200 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 210 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 210 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 410 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 410 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 400 Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 400 Firmware Version10.2.1.1-19sv
Sonicwall ≫ Sma 500v Firmware Version10.2.0.8-37sv
Sonicwall ≫ Sma 500v Firmware Version10.2.1.1-19sv
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.25% | 0.906 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.