SonicWall SSLVPN SMA100 10.x sql injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in SonicWall SSLVPN SMA100 10.x (Firewall Software) and classified as critical. Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field02/04/2021 06:50 PM02/05/2021 01:06 PM02/23/2021 02:55 PM
nameSonicWall SSLVPN SMA100SonicWall SSLVPN SMA100SonicWall SSLVPN SMA100
version10.x10.x10.x
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rcCCC
identifierSNWLID-2021-0001SNWLID-2021-0001SNWLID-2021-0001
urlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001
cveCVE-2021-20016CVE-2021-20016CVE-2021-20016
date1612393200 (02/04/2021)1612393200 (02/04/2021)1612393200 (02/04/2021)
typeFirewall SoftwareFirewall SoftwareFirewall Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_eNDFF
cvss2_vuldb_rlNDNDND
cvss3_vuldb_eXFF
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore7.57.17.1
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore7.37.17.1
cvss3_meta_basescore7.37.37.3
cvss3_meta_tempscore7.37.17.1
price_0day$0-$5k$0-$5k$0-$5k
availability11
publicity00
cve_assigned1608159600
cve_nvd_summaryA SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
confirm_urlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

Want to stay up to date on a daily basis?

Enable the mail alert feature now!