1. Home
  2. CVE Database
  3. CVE-2021-20049
HIGH · 7.5

CVE-2021-20049

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1...

Vulnerability Description

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SonicwallSma 100 Firmware< 10.0.0.0
SonicwallSma100-
SonicwallSma 200 Firmware< 10.0.0.0
SonicwallSma200-
SonicwallSma 210 Firmware< 10.0.0.0
SonicwallSma210-
SonicwallSma 400 Firmware< 10.0.0.0
SonicwallSma400-
SonicwallSma 410 Firmware< 10.0.0.0
SonicwallSma410-
SonicwallSma 500V Firmware< 10.0.0.0
SonicwallSma500V-

Related Weaknesses (CWE)

CWE-203CWE-204

References

FAQ

What is CVE-2021-20049?

CVE-2021-20049 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1...

How severe is CVE-2021-20049?

CVE-2021-20049 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20049?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 100 Firmware, Sonicwall Sma100, Sonicwall Sma 200 Firmware, Sonicwall Sma200, Sonicwall Sma 210 Firmware.