A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
References
Link | Resource |
---|---|
https://github.com/jbaines-r7/badblood | Exploit Third Party Advisory |
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 | Vendor Advisory |
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sonicwall
Published: 2021-12-08T09:55:20
Updated: 2022-04-29T11:48:42
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20038
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-08T10:15:07.750
Modified: 2022-05-13T14:54:32.797
Link: CVE-2021-20038
JSON object: View
Redhat Information
No data.