Description
Improper neutralization of special elements in the HTTP POST method of '/cgi-bin/viewcert' in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as the 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- SonicWall / SonicWall SMA100 – 9.0.0.11-31sv and earlier
- SonicWall / SonicWall SMA100 – 10.2.0.8-37sv and earlier
- SonicWall / SonicWall SMA100 – 10.2.1.1-19sv and earlier
- SonicWall / SonicWall SMA100 – 10.2.1.2-24sv and earlier