CVE-2021-20035 - OpenCVE

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sonicwall	Sma 210 Sma 210 Firmware Sma 200 Firmware Sma 400 Sma 410 Firmware Sma 410 Sma 200 Sma 500v Sma 400 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:sonicwall:sma_200_firmware::::::::
	cpe:2.3:o:sonicwall:sma_200_firmware::::::::
	cpe:2.3:o:sonicwall:sma_200_firmware::::::::

cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:sonicwall:sma_210_firmware::::::::
	cpe:2.3:o:sonicwall:sma_210_firmware::::::::
	cpe:2.3:o:sonicwall:sma_210_firmware::::::::

cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:sonicwall:sma_400_firmware::::::::
	cpe:2.3:o:sonicwall:sma_400_firmware::::::::
	cpe:2.3:o:sonicwall:sma_400_firmware::::::::

cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:sonicwall:sma_410_firmware::::::::
	cpe:2.3:o:sonicwall:sma_410_firmware::::::::
	cpe:2.3:o:sonicwall:sma_410_firmware::::::::

cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:sonicwall:sma_500v::::::::
	cpe:2.3:a:sonicwall:sma_500v::::::::
	cpe:2.3:a:sonicwall:sma_500v::::::::

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sonicwall

Published: 2021-09-27T17:20:12

Updated: 2021-09-27T17:20:12

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20035

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-27T18:15:08.383

Modified: 2021-10-06T17:29:36.947

Link: CVE-2021-20035

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "SMA100", "vendor": "SonicWall", "versions": [{"status": "affected", "version": "9.0.0.10-28sv and earlier"}, {"status": "affected", "version": "10.2.0.7-34sv and earlier"}, {"status": "affected", "version": "10.2.1.0-17sv and earlier"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-27T17:20:12", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT@sonicwall.com", "ID": "CVE-2021-20035", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SMA100", "version": {"version_data": [{"version_value": "9.0.0.10-28sv and earlier"}, {"version_value": "10.2.0.7-34sv and earlier"}, {"version_value": "10.2.1.0-17sv and earlier"}]}}]}, "vendor_name": "SonicWall"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022"}]}}}}, "cveMetadata": {"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2021-20035", "datePublished": "2021-09-27T17:20:12", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2021-09-27T17:20:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "108AAFDC-548F-4450-9ABF-CAF42D759960", "versionEndIncluding": "9.0.0.10-28sv", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7433B0B1-15C8-4D79-A83F-FE4D26C96AA4", "versionEndIncluding": "10.2.0.7-34sv", "versionStartIncluding": "10.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "71954BC8-24EC-40E9-9376-4827104DA661", "versionEndIncluding": "10.2.1.0-17sv", "versionStartIncluding": "10.2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4936140-6776-48A7-80FE-F526C8BA9D10", "versionEndIncluding": "9.0.0.10-28sv", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C12FB28F-CC80-41C6-BBC5-384655CB8016", "versionEndIncluding": "10.2.0.7-34sv", "versionStartIncluding": "10.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF34C6CE-C99C-4956-AE18-971AC93A4DEB", "versionEndIncluding": "10.2.1.0-17sv", "versionStartIncluding": "10.2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "198EF039-97C1-498D-8521-8357E6E65843", "versionEndIncluding": "9.0.0.10-28sv", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F73402C-44D6-4B7A-B482-BAFB339DE78E", "versionEndIncluding": "10.2.0.7-34sv", "versionStartIncluding": "10.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "817E88C2-EC36-4DDD-B022-4417D7875B00", "versionEndIncluding": "10.2.1.0-17sv", "versionStartIncluding": "10.2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7AD359-EB77-478C-87D7-72C8C3DE8D45", "versionEndIncluding": "9.0.0.10-28sv", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "324F8DFE-9AA8-4157-BC92-3F05AE1577D3", "versionEndIncluding": "10.2.0.7-34sv", "versionStartIncluding": "10.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "95AC69B7-BDDF-49C7-8AFA-ADDF06A1E2AA", "versionEndIncluding": "10.2.1.0-17sv", "versionStartIncluding": "10.2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65ABFDA-AC3F-4348-BF05-49CEE41C786C", "versionEndIncluding": "9.0.0.10-28sv", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*", "matchCriteriaId": "6915D214-F408-4E1D-B10A-4D268CB0643A", "versionEndIncluding": "10.2.0.7-34sv", "versionStartIncluding": "10.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*", "matchCriteriaId": "52384213-F14E-446D-BD7D-4869C3B8140B", "versionEndIncluding": "10.2.1.0-17sv", "versionStartIncluding": "10.2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inapropiada de los elementos especiales en la interfaz de administraci\u00f3n de SMA100 permite a un atacante remoto autenticado inyectar comandos arbitrarios como usuario \"nobody\", que conlleva potencialmente a un DoS"}], "id": "CVE-2021-20035", "lastModified": "2021-10-06T17:29:36.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-27T18:15:08.383", "references": [{"source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "PSIRT@sonicwall.com", "type": "Secondary"}]}