Issued: Monday, 13 December, 2021 |
Last Revision: Monday, 13 December, 2021 |
Vendor: |
Product: |
Severity Level: |
SonicWall has addressed eight vulnerabilities rated critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include the SMA 200, 210, 400, 410 and 500v models. The majority of these vulnerabilities also affect WAF-enabled appliances.
Of the eight reported vulnerabilities, CVE-2021-20038, CVE-2021-20043 and CVE-2021-20045 are the most severe.
These vulnerabilities could allow an unauthenticated remote attacker to cause heap-based and stack-based buffer overflows and would result in code execution as the “nobody” user on the SMA 100 appliance.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2021-20038 | Unauthenticated stack-based buffer overflow | 9.8 |
CVE-2021-20043 | Heap-based buffer overflow | 8.8 |
CVE-2021-20045 | Multiple unauthenticated heap- and stack-based buffer overflows | 9.4 |
CVE/Vulnerability | Affected Product(s) | Affected Version(s) |
CVE-2021-20038 | SMA 100 Series (SMA 200, 210, 400, 410, 500v) | 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv |
CVE-2021-20043 | SMA 100 Series (SMA 200, 210, 400, 410, 500v) | 10.2.0.8-37sv, 10.2.1.1-19sv |
CVE-2021-20045 | SMA 100 Series (SMA 200, 210, 400, 410, 500v) | 10.2.0.8-37sv, 10.2.1.1-19sv |
Organizations are advised to identify the affected products and apply updates as soon as possible.
