CVSS: 9.8EPSS: 95%CPEs: 20EXPL: 3CVE-2021-20038 – SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. Una vulnerabilidad de desbordamiento de búfer en la región Stack de la memoria en las variables de entorno del módulo mod_cgi del servidor httpd de SMA100 permite a un atacante remoto no autenticado ejecutar potencialmente código como usuario "nobody" en el dispositivo. Esta vulnerabilidad afecta a los dispositivos SMA 200, 210, 400, 410 y 500v con firmware versiones 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv y versiones anteriores SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. • https://github.com/vesperp/CVE-2021-20038-SonicWall-RCE https://github.com/jbaines-r7/badblood https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-20035
https://notcve.org/view.php?id=CVE-2021-20035
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Una neutralización inapropiada de los elementos especiales en la interfaz de administración de SMA100 permite a un atacante remoto autenticado inyectar comandos arbitrarios como usuario "nobody", que conlleva potencialmente a un DoS • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 64%CPEs: 19EXPL: 2CVE-2021-20034 – SonicWall SMA 10.2.1.0-17sv - Password Reset
https://notcve.org/view.php?id=CVE-2021-20034
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Una vulnerabilidad de control de acceso inapropiado en SMA100 permite a un atacante remoto no autenticado omitir las comprobaciones de salto de ruta y eliminar un archivo arbitrario, resultando potencialmente en un reinicio a la configuración predeterminada de fábrica SonicWall SMA version 10.2.1.0-17sv suffers from a remote password reset vulnerability. • https://www.exploit-db.com/exploits/50430 http://packetstormsecurity.com/files/164564/SonicWall-SMA-10.2.1.0-17sv-Password-Reset.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2021-20028 – SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier Una neutralización inapropiada de un Comando SQL conllevando una vulnerabilidad de Inyección SQL impactando a los productos Secure Remote Access (SRA) al final de su vida útil, concretamente a dispositivos SRA que ejecutan todo el firmware 8.x y 9.0.0.9-26sv o anteriores SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 11EXPL: 0CVE-2021-20016 – SonicWall SSLVPN SMA100 SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-20016
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. Una vulnerabilidad de inyección de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contraseña del nombre de usuario y otra información relacionada con la sesión. Esta vulnerabilidad afecta a la versión 10.x de la compilación SMA100 SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •