CVE-2021-20050

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031	Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_100_firmware::::::::
	cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_200_firmware::::::::
	cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_210_firmware::::::::
	cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_400_firmware::::::::
	cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_410_firmware::::::::
	cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_500v_firmware::::::::
	cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 - Vendor Advisory~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 - Vendor Advisory

Information

Published : 2021-12-23 02:15

Updated : 2024-11-21 05:45

NVD link : CVE-2021-20050

Mitre link : CVE-2021-20050

CVE.ORG link : CVE-2021-20050

JSON object : View

Products Affected

sonicwall

sma_200_firmware
sma210
sma400
sma_410_firmware
sma_400_firmware
sma100
sma_500v_firmware
sma_210_firmware
sma500v
sma410
sma_100_firmware
sma200

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

{"id": "CVE-2021-20050", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-12-23T02:15:06.637", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", "tags": ["Vendor Advisory"], "source": "PSIRT@sonicwall.com"}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "PSIRT@sonicwall.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inapropiado en la serie SMA100 conlleva a que varias API de administraci\u00f3n restringidas sean accesibles sin un inicio de sesi\u00f3n de usuario, exponiendo potencialmente los metadatos de configuraci\u00f3n"}], "lastModified": "2024-11-21T05:45:51.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A02AA5-1A61-429B-B0B3-898636C4B563", "versionEndExcluding": "10.0.0.0"}, {"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87A26093-E966-4EBA-AA58-2C98499B9165"}, {"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9", "versionEndExcluding": "10.0.0.0"}, {"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD"}, {"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01134E66-F1FD-477B-AD44-FDEE8368BE18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4892669-DD8A-4A28-B6AA-632A8DA861AC", "versionEndExcluding": "10.0.0.0"}, {"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C"}, {"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38AAB98-7668-4F34-8D5F-9933422F12DD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9AC3454-D403-4989-81F3-9DD7608967AA", "versionEndExcluding": "10.0.0.0"}, {"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A"}, {"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54946A90-09AC-4387-BACB-883AE70FD5A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A0EF9C5-685E-49A4-ABFE-302781111753"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42AE0158-515A-4565-B814-27AEAD941304", "versionEndExcluding": "10.0.0.0"}, {"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6"}, {"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AE054F5-87E5-4DF5-9CD8-BF39428A092F", "versionEndExcluding": "10.0.0.0"}, {"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8"}, {"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9395563D-9071-4CE2-BAEA-D6854F4AD961"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8FF52AAE-592C-4472-866C-7776ADBA5E93"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@sonicwall.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-20050

7.5^/10

5.0^/10

Attach tags to `CVE-2021-20050`