Vulnerability Description
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sma 100 Firmware | >= 10.0.0.0, < 10.2.0.5-d-29sv |
| Sonicwall | Sma 100 | - |
| Sonicwall | Sma 200 Firmware | - |
| Sonicwall | Sma 200 | - |
| Sonicwall | Sma 210 Firmware | - |
| Sonicwall | Sma 210 | - |
| Sonicwall | Sma 400 Firmware | - |
| Sonicwall | Sma 400 | - |
| Sonicwall | Sma 410 Firmware | - |
| Sonicwall | Sma 410 | - |
| Sonicwall | Sma 500V | - |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001MitigationVendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001MitigationVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-20016?
CVE-2021-20016 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. Th...
How severe is CVE-2021-20016?
CVE-2021-20016 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20016?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 100 Firmware, Sonicwall Sma 100, Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware.