CVE-2021-20039 : Improper neutralization of special elements in the SMA100 management interface '

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published 2021-12-08 10:15:08

Updated 2022-04-01 15:27:07

Source SonicWALL, Inc.

View at NVD, CVE.org

Products affected by CVE-2021-20039

Sonicwall » Sma 200 Firmware » Version: 10.2.0.8-37sv
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 200 » Version: N/A
Sonicwall » Sma 200 Firmware » Version: 10.2.1.1-19sv
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 200 » Version: N/A
Sonicwall » Sma 200 Firmware » Version: 9.0.0.11-31sv
cpe:2.3:o:sonicwall:sma_200_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 200 » Version: N/A
Sonicwall » Sma 210 Firmware » Version: 10.2.0.8-37sv
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 210 » Version: N/A
Sonicwall » Sma 210 Firmware » Version: 10.2.1.1-19sv
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 210 » Version: N/A
Sonicwall » Sma 210 Firmware » Version: 9.0.0.11-31sv
cpe:2.3:o:sonicwall:sma_210_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 210 » Version: N/A
Sonicwall » Sma 400 Firmware » Version: 10.2.0.8-37sv
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 400 » Version: N/A
Sonicwall » Sma 400 Firmware » Version: 10.2.1.1-19sv
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 400 » Version: N/A
Sonicwall » Sma 400 Firmware » Version: 9.0.0.11-31sv
cpe:2.3:o:sonicwall:sma_400_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 400 » Version: N/A
Sonicwall » Sma 410 Firmware » Version: 10.2.0.8-37sv
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 410 » Version: N/A
Sonicwall » Sma 410 Firmware » Version: 10.2.1.1-19sv
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 410 » Version: N/A
Sonicwall » Sma 410 Firmware » Version: 9.0.0.11-31sv
cpe:2.3:o:sonicwall:sma_410_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 410 » Version: N/A
Sonicwall » Sma 500v Firmware » Version: 10.2.0.8-37sv
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 500v » Version: N/A
Sonicwall » Sma 500v Firmware » Version: 10.2.1.1-19sv
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 500v » Version: N/A
Sonicwall » Sma 500v Firmware » Version: 9.0.0.11-31sv
cpe:2.3:o:sonicwall:sma_500v_firmware:9.0.0.11-31sv:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Sma 500v » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-20039

EPSS FAQ

67.99%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-20039

SonicWall SMA 100 Series Authenticated Command Injection

Disclosure Date: 2021-12-14

First seen: 2022-12-23

exploit/linux/http/sonicwall_cve_2021_20039

This module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are: - 10.2.1.2-24sv and below - 10.2.0.8-37sv and below

More information

CVSS scores for CVE-2021-20039

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-20039

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- nvd@nist.gov (Primary)
- PSIRT@sonicwall.com (Secondary)

References for CVE-2021-20039

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Vendor Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/165563/SonicWall-SMA-100-Series-Authenticated-Command-Injection.html

SonicWall SMA 100 Series Authenticated Command Injection ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

Jump to