Vulnerability Description
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sma 200 Firmware | < 9.0.0.11-31sv |
| Sonicwall | Sma 200 | - |
| Sonicwall | Sma 210 Firmware | < 9.0.0.11-31sv |
| Sonicwall | Sma 210 | - |
| Sonicwall | Sma 400 Firmware | < 9.0.0.11-31sv |
| Sonicwall | Sma 400 | - |
| Sonicwall | Sma 410 Firmware | < 9.0.0.11-31sv |
| Sonicwall | Sma 410 | - |
| Sonicwall | Sma 500V | < 9.0.0.11-31sv |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-20035?
CVE-2021-20035 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
How severe is CVE-2021-20035?
CVE-2021-20035 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20035?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware, Sonicwall Sma 210, Sonicwall Sma 400 Firmware.