fkie_nvd - fkie_cve-2021-20050

fkie_cve-2021-20050

Vulnerability from fkie_nvd

Published

2021-12-23 02:15

Modified

2024-11-21 05:45

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

References

▼	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031	Vendor Advisory

Impacted products

Vendor	Product	Version
sonicwall	sma_100_firmware	*
sonicwall	sma_100_firmware	10.2.0.8-37sv
sonicwall	sma_100_firmware	10.2.1.2-24sv
sonicwall	sma100	-
sonicwall	sma_200_firmware	*
sonicwall	sma_200_firmware	10.2.0.8-37sv
sonicwall	sma_200_firmware	10.2.1.2-24sv
sonicwall	sma200	-
sonicwall	sma_210_firmware	*
sonicwall	sma_210_firmware	10.2.0.8-37sv
sonicwall	sma_210_firmware	10.2.1.2-24sv
sonicwall	sma210	-
sonicwall	sma_400_firmware	*
sonicwall	sma_400_firmware	10.2.0.8-37sv
sonicwall	sma_400_firmware	10.2.1.2-24sv
sonicwall	sma400	-
sonicwall	sma_410_firmware	*
sonicwall	sma_410_firmware	10.2.0.8-37sv
sonicwall	sma_410_firmware	10.2.1.2-24sv
sonicwall	sma410	-
sonicwall	sma_500v_firmware	*
sonicwall	sma_500v_firmware	10.2.0.8-37sv
sonicwall	sma_500v_firmware	10.2.1.2-24sv
sonicwall	sma500v	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A02AA5-1A61-429B-B0B3-898636C4B563",
              "versionEndExcluding": "10.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A26093-E966-4EBA-AA58-2C98499B9165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9",
              "versionEndExcluding": "10.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "01134E66-F1FD-477B-AD44-FDEE8368BE18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4892669-DD8A-4A28-B6AA-632A8DA861AC",
              "versionEndExcluding": "10.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "B38AAB98-7668-4F34-8D5F-9933422F12DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC3454-D403-4989-81F3-9DD7608967AA",
              "versionEndExcluding": "10.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "54946A90-09AC-4387-BACB-883AE70FD5A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0EF9C5-685E-49A4-ABFE-302781111753",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AE0158-515A-4565-B814-27AEAD941304",
              "versionEndExcluding": "10.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE054F5-87E5-4DF5-9CD8-BF39428A092F",
              "versionEndExcluding": "10.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*",
              "matchCriteriaId": "9395563D-9071-4CE2-BAEA-D6854F4AD961",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF52AAE-592C-4472-866C-7776ADBA5E93",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inapropiado en la serie SMA100 conlleva a que varias API de administraci\u00f3n restringidas sean accesibles sin un inicio de sesi\u00f3n de usuario, exponiendo potencialmente los metadatos de configuraci\u00f3n"
    }
  ],
  "id": "CVE-2021-20050",
  "lastModified": "2024-11-21T05:45:51.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-23T02:15:06.637",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-20050

Vulnerability from cvelistv5

Published

2021-12-23 01:20