Lucene search

[email protected]NVD:CVE-2021-20031

HistoryOct 12, 2021 - 11:15 p.m.

CVE-2021-20031

2021-10-1223:15:07

CWE-601

[email protected]

web.nvd.nist.gov

sonicos

host header redirection

remote attacker

firewall management

web domains

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.019

Percentile

88.6%

JSON

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

Affected configurations

Nvd

Node

sonicwallnsa_2650Match-

sonicwallnsa_2700Match-

sonicwallnsa_3650Match-

sonicwallnsa_3700Match-

sonicwallnsa_4650Match-

sonicwallnsa_4700Match-

sonicwallnsa_5650Match-

sonicwallnsa_6650Match-

sonicwallnsa_6700Match-

sonicwallnsa_9250Match-

sonicwallnsa_9450Match-

sonicwallnsa_9650Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz300Match-

sonicwalltz300pMatch-

sonicwalltz300wMatch-

sonicwalltz350Match-

sonicwalltz350wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz400Match-

sonicwalltz400wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz500Match-

sonicwalltz500wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz600Match-

sonicwalltz600pMatch-

sonicwalltz670Match-

AND

sonicwallsonicosRange≤7.0.1-r1262

Node

sonicwallnsv_10Match-

sonicwallnsv_100Match-

sonicwallnsv_1600Match-

sonicwallnsv_200Match-

sonicwallnsv_25Match-

sonicwallnsv_270Match-

sonicwallnsv_300Match-

sonicwallnsv_400Match-

sonicwallnsv_470Match-

sonicwallnsv_50Match-

sonicwallnsv_800Match-

sonicwallnsv_870Match-

AND

sonicwallsonicosRange≤7.0.1-r1283

Node

sonicwallnssp_12400Match-

sonicwallnssp_12800Match-

sonicwallnssp_13700Match-

sonicwallnssp_15700Match-

AND

sonicwallsonicosRange≤7.0.1-r579

Node

sonicwallnsa_2650Match-

sonicwallnsa_2700Match-

sonicwallnsa_3650Match-

sonicwallnsa_3700Match-

sonicwallnsa_4650Match-

sonicwallnsa_4700Match-

sonicwallnsa_5650Match-

sonicwallnsa_6650Match-

sonicwallnsa_6700Match-

sonicwallnsa_9250Match-

sonicwallnsa_9450Match-

sonicwallnsa_9650Match-

sonicwallsoho_250wMatch-

sonicwallsupermassive_9200Match-

sonicwallsupermassive_9400Match-

sonicwallsupermassive_9600Match-

sonicwallsupermassive_9800Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz300Match-

sonicwalltz300pMatch-

sonicwalltz300wMatch-

sonicwalltz350Match-

sonicwalltz350wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz400Match-

sonicwalltz400wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz500Match-

sonicwalltz500wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz600Match-

sonicwalltz600pMatch-

sonicwalltz670Match-

AND

sonicwallsonicosRange≤6.5.4.7

Node

sonicwallnssp_12400Match-

sonicwallnssp_12800Match-

sonicwallsupermassive_9800Match-

AND

sonicwallsonicosRange≤6.5.1.12

Node

sonicwallsupermassive_e10200Match-

sonicwallsupermassive_e10400Match-

sonicwallsupermassive_e10800Match-

AND

sonicwallsonicosRange≤6.0.5.3-94o

Node

sonicwallnsa_2650Match-

sonicwallnsa_2700Match-

sonicwallnsa_3650Match-

sonicwallnsa_3700Match-

sonicwallnsa_4650Match-

sonicwallnsa_4700Match-

sonicwallnsa_5650Match-

sonicwallnsa_6650Match-

sonicwallnsa_6700Match-

sonicwallnsa_9250Match-

sonicwallnsa_9450Match-

sonicwallnsa_9650Match-

sonicwallsoho_250Match-

sonicwallsoho_250wMatch-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz300Match-

sonicwalltz300pMatch-

sonicwalltz300wMatch-

sonicwalltz350Match-

sonicwalltz350wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz400Match-

sonicwalltz400wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz500Match-

sonicwalltz500wMatch-

AND

sonicwallsonicosRange≤5.9.1.13

References

packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.019

Percentile

88.6%

JSON

Related for NVD:CVE-2021-20031

nuclei1 packetstorm1 cve1 prion1 zdt1 cvelist1 exploitdb1