CVE-2021-20031

🗓️ 12 Oct 2021 22:55:09Reported by sonicwallType

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. NV

Reporter	Title	Published	Views	Family All 13
0day.today	Sonicwall SonicOS 7.0 - Host Header Injection Vulnerability	13 Oct 202100:00	–	zdt
Circl	CVE-2021-20031	13 Oct 202102:25	–	circl
CNNVD	SonicOS 输入验证错误漏洞	12 Oct 202100:00	–	cnnvd
Cvelist	CVE-2021-20031	12 Oct 202122:55	–	cvelist
Exploit DB	Sonicwall SonicOS 7.0 - Host Header Injection	13 Oct 202100:00	–	exploitdb
NCSC	Vulnerability fixed in SonicOS	13 Oct 202100:00	–	ncsc
Nuclei	SonicWall SonicOS 7.0 - Open Redirect	8 Jun 202604:09	–	nuclei
NVD	CVE-2021-20031	12 Oct 202123:15	–	nvd
OSV	CVE-2021-20031	12 Oct 202123:15	–	osv
Packet Storm	Sonicwall SonicOS 7.0 Host Header Injection	13 Oct 202100:00	–	packetstorm

NVD

Vulners

Node

sonicwall sonicosRange≤7.0.1-r1262

AND

sonicwall nsa_2650Match-

sonicwall nsa_2700Match-

sonicwall nsa_3650Match-

sonicwall nsa_3700Match-

sonicwall nsa_4650Match-

sonicwall nsa_4700Match-

sonicwall nsa_5650Match-

sonicwall nsa_6650Match-

sonicwall nsa_6700Match-

sonicwall nsa_9250Match-

sonicwall nsa_9450Match-

sonicwall nsa_9650Match-

sonicwall tz270Match-

sonicwall tz270wMatch-

sonicwall tz300Match-

sonicwall tz300pMatch-

sonicwall tz300wMatch-

sonicwall tz350Match-

sonicwall tz350wMatch-

sonicwall tz370Match-

sonicwall tz370wMatch-

sonicwall tz400Match-

sonicwall tz400wMatch-

sonicwall tz470Match-

sonicwall tz470wMatch-

sonicwall tz500Match-

sonicwall tz500wMatch-

sonicwall tz570Match-

sonicwall tz570pMatch-

sonicwall tz570wMatch-

sonicwall tz600Match-

sonicwall tz600pMatch-

sonicwall tz670Match-

Node

sonicwall sonicosRange≤7.0.1-r1283

AND

sonicwall nsv_10Match-

sonicwall nsv_100Match-

sonicwall nsv_1600Match-

sonicwall nsv_200Match-

sonicwall nsv_25Match-

sonicwall nsv_270Match-

sonicwall nsv_300Match-

sonicwall nsv_400Match-

sonicwall nsv_470Match-

sonicwall nsv_50Match-

sonicwall nsv_800Match-

sonicwall nsv_870Match-

Node

sonicwall sonicosRange≤7.0.1-r579

AND

sonicwall nssp_12400Match-

sonicwall nssp_12800Match-

sonicwall nssp_13700Match-

sonicwall nssp_15700Match-

Node

sonicwall sonicosRange≤6.5.4.7

AND

sonicwall nsa_2650Match-

sonicwall nsa_2700Match-

sonicwall nsa_3650Match-

sonicwall nsa_3700Match-

sonicwall nsa_4650Match-

sonicwall nsa_4700Match-

sonicwall nsa_5650Match-

sonicwall nsa_6650Match-

sonicwall nsa_6700Match-

sonicwall nsa_9250Match-

sonicwall nsa_9450Match-

sonicwall nsa_9650Match-

sonicwall soho_250wMatch-

sonicwall supermassive_9200Match-

sonicwall supermassive_9400Match-

sonicwall supermassive_9600Match-

sonicwall supermassive_9800Match-

sonicwall tz270Match-

sonicwall tz270wMatch-

sonicwall tz300Match-

sonicwall tz300pMatch-

sonicwall tz300wMatch-

sonicwall tz350Match-

sonicwall tz350wMatch-

sonicwall tz370Match-

sonicwall tz370wMatch-

sonicwall tz400Match-

sonicwall tz400wMatch-

sonicwall tz470Match-

sonicwall tz470wMatch-

sonicwall tz500Match-

sonicwall tz500wMatch-

sonicwall tz570Match-

sonicwall tz570pMatch-

sonicwall tz570wMatch-

sonicwall tz600Match-

sonicwall tz600pMatch-

sonicwall tz670Match-

Node

sonicwall sonicosRange≤6.5.1.12

AND

sonicwall nssp_12400Match-

sonicwall nssp_12800Match-

sonicwall supermassive_9800Match-

Node

sonicwall sonicosRange≤6.0.5.3-94o

AND

sonicwall supermassive_e10200Match-

sonicwall supermassive_e10400Match-

sonicwall supermassive_e10800Match-

Node

sonicwall sonicosRange≤5.9.1.13

AND

sonicwall nsa_2650Match-

sonicwall nsa_2700Match-

sonicwall nsa_3650Match-

sonicwall nsa_3700Match-

sonicwall nsa_4650Match-

sonicwall nsa_4700Match-

sonicwall nsa_5650Match-

sonicwall nsa_6650Match-

sonicwall nsa_6700Match-

sonicwall nsa_9250Match-

sonicwall nsa_9450Match-

sonicwall nsa_9650Match-

sonicwall soho_250Match-

sonicwall soho_250wMatch-

sonicwall tz270Match-

sonicwall tz270wMatch-

sonicwall tz300Match-

sonicwall tz300pMatch-

sonicwall tz300wMatch-

sonicwall tz350Match-

sonicwall tz350wMatch-

sonicwall tz370Match-

sonicwall tz370wMatch-

sonicwall tz400Match-

sonicwall tz400wMatch-

sonicwall tz470Match-

sonicwall tz470wMatch-

sonicwall tz500Match-

sonicwall tz500wMatch-

[
  {
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-R1262 and earlier"
      },
      {
        "status": "affected",
        "version": "7.0.1-R1283 and earlier"
      },
      {
        "status": "affected",
        "version": "7.0.1-R579 and earlier"
      },
      {
        "status": "affected",
        "version": "6.5.4.7 and earlier"
      },
      {
        "status": "affected",
        "version": "6.5.1.12 and earlier"
      },
      {
        "status": "affected",
        "version": "6.0.5.3-94o and earlier"
      },
      {
        "status": "affected",
        "version": "6.5.4.4-44V-21-987 and earlier"
      },
      {
        "status": "affected",
        "version": "5.9.1.13 and earlier"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019

21 Nov 2024 05:45Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25.8

CVSS 3.16.1

EPSS0.36219

CWE-601