CVE-2021-20016
CRITICAL | CISA KEV | 9.8
Description
A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password, and other session-related information. This vulnerability impacts SMA100 build version 10.x.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/4/2021
Last modified: 10/31/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: SonicWall
Product: SSLVPN SMA100
Vulnerability name: SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Date added to KEV: 2021-11-03
Remediation due date: 2021-11-17
Used in ransomware: Known
Affected products
sonicwall:sma_100
sonicwall:sma_100_firmware
sonicwall:sma_200
sonicwall:sma_200_firmware
sonicwall:sma_210
sonicwall:sma_210_firmware
sonicwall:sma_400
sonicwall:sma_400_firmware
sonicwall:sma_410
sonicwall:sma_410_firmware
sonicwall:sma_500v
Weaknesses (CWE)
CWE-89
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 (PSIRT@sonicwall.com)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.