CVE-2021-20041

Description

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Affected products

• SonicWall / SonicWall SMA1009.0.0.11-31sv and earlier – 9.0.0.11-31sv and earlier
• SonicWall / SonicWall SMA10010.2.0.8-37sv and earlier – 10.2.0.8-37sv and earlier
• SonicWall / SonicWall SMA10010.2.1.1-19sv and earlier – 10.2.1.1-19sv and earlier
• SonicWall / SonicWall SMA10010.2.1.2-24sv and earlier – 10.2.1.2-24sv and earlier

References

• VENDOR_ADVISORYhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026