A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Sonicwall
  • Sma200
  • Sma 210 Firmware
  • Sma410
  • Sma 200 Firmware
  • Sma500v
  • Sma 410 Firmware
  • Sma400
  • Sma 100 Firmware
  • Sma100
  • Sma 500v Firmware
  • Sma 400 Firmware
  • Sma210

Configuration 1 [-]

AND
OR cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*
References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: sonicwall

Published: 2021-12-23T01:20:09

Updated: 2021-12-23T01:20:09

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20049

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-12-23T02:15:06.583

Modified: 2022-07-08T18:20:05.127

Link: CVE-2021-20049

JSON object: View

cve-icon Redhat Information

No data.

CWE