| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| Sonicwall SonicOS 7.0 - Host Header Injection Vulnerability | 13 Oct 202100:00 | – | zdt | |
| CVE-2021-20031 | 13 Oct 202102:25 | – | circl | |
| SonicOS 输入验证错误漏洞 | 12 Oct 202100:00 | – | cnnvd | |
| CVE-2021-20031 | 12 Oct 202122:55 | – | cve | |
| CVE-2021-20031 | 12 Oct 202122:55 | – | cvelist | |
| Sonicwall SonicOS 7.0 - Host Header Injection | 13 Oct 202100:00 | – | exploitdb | |
| Vulnerability fixed in SonicOS | 13 Oct 202100:00 | – | ncsc | |
| CVE-2021-20031 | 12 Oct 202123:15 | – | nvd | |
| CVE-2021-20031 | 12 Oct 202123:15 | – | osv | |
| Sonicwall SonicOS 7.0 Host Header Injection | 13 Oct 202100:00 | – | packetstorm |
id: CVE-2021-20031
info:
name: SonicWall SonicOS 7.0 - Open Redirect
author: gy741
severity: medium
description: SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations. and/or possibly redirect a user to a malicious site.
impact: |
Attackers can redirect users to malicious sites, steal sensitive information, or perform unauthorized operations, leading to potential data breaches or phishing attacks.
remediation: |
Implement proper validation and sanitization of Host headers to prevent spoofing and open redirects.
reference:
- https://www.exploit-db.com/exploits/50414
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019
- http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-20031
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-20031
cwe-id: CWE-601
epss-score: 0.13041
epss-percentile: 0.95874
cpe: cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: sonicwall
product: nsa_2650
google-query: inurl:"auth.html" intitle:"SonicWall"
tags: cve,cve2021,sonicwall,redirect,edb,packetstorm,vuln
http:
- method: GET
path:
- "{{BaseURL}}/"
headers:
Host: "{{randstr}}.tld"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'https://{{randstr}}.tld/auth.html'
- 'Please be patient as you are being re-directed'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100da0903c9c0cd36beeb9f98015ae3d9a844dd62d9b19b43783dacf6aae9885580022100b899e8c19695b8ed13635caebf17106ab936f84fc5f856dff549e4bfb2380f96:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation