Vulnerability Description
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sma 200 Firmware | <= 9.0.0.10-28sv |
| Sonicwall | Sma 200 | - |
| Sonicwall | Sma 210 Firmware | <= 9.0.0.10-28sv |
| Sonicwall | Sma 210 | - |
| Sonicwall | Sma 400 Firmware | <= 9.0.0.10-28sv |
| Sonicwall | Sma 400 | - |
| Sonicwall | Sma 410 Firmware | <= 9.0.0.10-28sv |
| Sonicwall | Sma 410 | - |
| Sonicwall | Sma 500V | <= 9.0.0.10-28sv |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164564/SonicWall-SMA-10.2.1.0-17sv-PasswordExploitThird Party AdvisoryVDB Entry
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021Vendor Advisory
- http://packetstormsecurity.com/files/164564/SonicWall-SMA-10.2.1.0-17sv-PasswordExploitThird Party AdvisoryVDB Entry
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021Vendor Advisory
FAQ
What is CVE-2021-20034?
CVE-2021-20034 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factor...
How severe is CVE-2021-20034?
CVE-2021-20034 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20034?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware, Sonicwall Sma 210, Sonicwall Sma 400 Firmware.