CVE-2021-20035

2021-09-2717:20:12

CWE-78

sonicwall

www.cve.org

sma100

remote attacker

arbitrary commands

dos

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

58.7%

JSON

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user which potentially leads to DoS.

CNA Affected

[
  {
    "product": "SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.10-28sv and earlier"
      },
      {
        "status": "affected",
        "version": "10.2.0.7-34sv and earlier"
      },
      {
        "status": "affected",
        "version": "10.2.1.0-17sv and earlier"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022