← Voltar para CVEs
CVE-2021-20016
CRITICALCISA KEV9.8
Descricao
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/4/2021
Ultima modificacao10/31/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorSonicWall
ProdutoSSLVPN SMA100
Nome da vulnerabilidadeSonicWall SSLVPN SMA100 SQL Injection Vulnerability
Data inclusao KEV2021-11-03
Prazo de remediacao2021-11-17
Uso em ransomwareKnown
Produtos afetados
sonicwall:sma_100sonicwall:sma_100_firmwaresonicwall:sma_200sonicwall:sma_200_firmwaresonicwall:sma_210sonicwall:sma_210_firmwaresonicwall:sma_400sonicwall:sma_400_firmwaresonicwall:sma_410sonicwall:sma_410_firmwaresonicwall:sma_500v
Fraquezas (CWE)
CWE-89CWE-89
Referencias
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001(PSIRT@sonicwall.com)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.