5
CVSSv2

CVE-2021-20040

Published: 08/12/2021 Updated: 10/12/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated malicious user to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sonicwall sma_200_firmware 10.2.0.8-37sv

sonicwall sma_200_firmware 10.2.1.1-19sv

sonicwall sma_210_firmware 10.2.0.8-37sv

sonicwall sma_210_firmware 10.2.1.1-19sv

sonicwall sma_410_firmware 10.2.0.8-37sv

sonicwall sma_410_firmware 10.2.1.1-19sv

sonicwall sma_400_firmware 10.2.0.8-37sv

sonicwall sma_400_firmware 10.2.1.1-19sv

sonicwall sma_500v_firmware 10.2.0.8-37sv

sonicwall sma_500v_firmware 10.2.1.1-19sv

Recent Articles

Critical SonicWall NAC Vulnerability Stems from Apache Mods
Threatpost • Elizabeth Montalbano • 11 Jan 2022

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution (RCE) on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server.
The bug (CVE-2021-20038) is one of five vulnerabilities discovered in its series of popular network access control (NAC) system products.
In October, Rapid7 lead security researcher Jake Baines discovered the flaws in Sonic Wall’s Secure Mobile Access (SMA) ...