CVE-2021-20016
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
Una vulnerabilidad de inyección de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contraseña del nombre de usuario y otra información relacionada con la sesión. Esta vulnerabilidad afecta a la versión 10.x de la compilación SMA100
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-17 CVE Reserved
- 2021-02-03 CVE Published
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-02-21 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 | 2021-02-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Sma 100 Firmware Search vendor "Sonicwall" for product "Sma 100 Firmware" | >= 10.0.0.0 < 10.2.0.5-d-29sv Search vendor "Sonicwall" for product "Sma 100 Firmware" and version " >= 10.0.0.0 < 10.2.0.5-d-29sv" | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 100 Search vendor "Sonicwall" for product "Sma 100" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 200 Firmware Search vendor "Sonicwall" for product "Sma 200 Firmware" | - | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 200 Search vendor "Sonicwall" for product "Sma 200" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 210 Firmware Search vendor "Sonicwall" for product "Sma 210 Firmware" | - | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 210 Search vendor "Sonicwall" for product "Sma 210" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 400 Firmware Search vendor "Sonicwall" for product "Sma 400 Firmware" | - | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 400 Search vendor "Sonicwall" for product "Sma 400" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 410 Firmware Search vendor "Sonicwall" for product "Sma 410 Firmware" | - | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Sma 410 Search vendor "Sonicwall" for product "Sma 410" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sma 500v Search vendor "Sonicwall" for product "Sma 500v" | - | - |
Affected
| ||||||