CVE-2021-20038

Published: 08/12/2021 Updated: 10/12/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A stack-based buffer overflow vulnerability in the SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated malicious user to potentially execute code as the 'nobody' user on the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances running firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Vulnerable Product

sonicwall sma_200_firmware 10.2.0.8-37sv

sonicwall sma_200_firmware 10.2.1.1-19sv

sonicwall sma_200_firmware 10.2.1.2-24sv

sonicwall sma_210_firmware 10.2.0.8-37sv

sonicwall sma_210_firmware 10.2.1.1-19sv

sonicwall sma_210_firmware 10.2.1.2-24sv

sonicwall sma_410_firmware 10.2.0.8-37sv

sonicwall sma_410_firmware 10.2.1.1-19sv

sonicwall sma_410_firmware 10.2.1.2-24sv

sonicwall sma_400_firmware 10.2.0.8-37sv

sonicwall sma_400_firmware 10.2.1.1-19sv

sonicwall sma_400_firmware 10.2.1.2-24sv

sonicwall sma_500v_firmware 10.2.0.8-37sv

sonicwall sma_500v_firmware 10.2.1.1-19sv

sonicwall sma_500v_firmware 10.2.1.2-24sv

Mailing Lists

This Metasploit module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are 10.2.1.2-24sv and below, 10.2.0.8-37sv and below, and 9.0.0.11-31sv and below ...

Recent Articles

Critical SonicWall NAC Vulnerability Stems from Apache Mods
Threatpost • Elizabeth Montalbano • 11 Jan 2022

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution (RCE) on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server.
The bug (CVE-2021-20038) is one of five vulnerabilities discovered in its series of popular network access control (NAC) system products.
In October, Rapid7 lead security researcher Jake Baines discovered the flaws in SonicWall’s Secure Mobile Access (SMA) ...

Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
The Register • Gareth Corfield • 11 Jan 2022

Nothing like topping off unauth'd remote code execution with a su password of ... password

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.
The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.
If you haven't yet applied the update, now would be a good time before it's widely exploited. So far there ...

Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
Threatpost • Tara Seals • 08 Dec 2021

Critical security vulnerabilities in SonicWall’s Secure Mobile Access (SMA) 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root.
The SMA 100 line was created to provide end-to-end secure remote access to corporate resources, be they hosted on-prem, cloud or hybrid data centers. It also offers policy-enforced access control to applications after establishing user and device identity and trust.
The most severe of the bugs, officially an unaut...