An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Sonicwall
  • Sma200
  • Sma 210 Firmware
  • Sma410
  • Sma 200 Firmware
  • Sma500v
  • Sma 410 Firmware
  • Sma400
  • Sma 100 Firmware
  • Sma100
  • Sma 500v Firmware
  • Sma 400 Firmware
  • Sma210

Configuration 1 [-]

AND
OR cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*
References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: sonicwall

Published: 2021-12-23T01:20:11

Updated: 2021-12-23T01:20:11

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20050

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-12-23T02:15:06.637

Modified: 2022-10-21T20:03:35.393

Link: CVE-2021-20050

JSON object: View

cve-icon Redhat Information

No data.

CWE