Rapid7 Vulnerability & Exploit Database

SonicWall SMA 100: CVE-2021-20039: Authenticated Command Injection Vulnerability as Root

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

SonicWall SMA 100: CVE-2021-20039: Authenticated Command Injection Vulnerability as Root

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
12/07/2021
Created
12/08/2021
Added
12/07/2021
Modified
12/13/2021

Description

A high severity vulnerability (CVSS 7.2) in SMA 100 appliances, which includes SMA 200, 210, 400, 410 and 500v could allow remote authenticated attacker to execute arbitrary commands in the SMA 100 appliance as root user. This can potentially lead to the remote authenticated attacker taking over the control of the SMA 100 appliance remotely. It was noticed that the SMA 100 users with licensed/enabled WAF are not impacted by this vulnerability. The Vulnerability is due to the SonicWall SMA SSLVPN `/cgi-bin/viewcert` POST http method which allows authenticated individuals to upload, view, or delete SSL certificates. A remote authenticated attacker can execute arbitrary commands using this POST http method. There is no evidence that this vulnerability is being exploited in the wild. SonicWall strongly urges that organizations follow the guidance below to patch SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v.

Solution(s)

  • sonicwall-sma-100-upgrade-10.2.0.9-41sv
  • sonicwall-sma-100-upgrade-10.2.1.3-27sv

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;