CVE-2021-20034

Published on: 09/27/2021 12:00:00 AM UTC

Last Modified on: 10/20/2021 06:15:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Certain versions of SMA 200 from SonicWall contain the following vulnerability:

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

  • CVE-2021-20034 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
  • Affected Vendor/Software: SonicWall - SMA100 version 9.0.0.10-28sv and earlier
  • Affected Vendor/Software: SonicWall - SMA100 version 10.2.0.7-34sv and earlier
  • Affected Vendor/Software: SonicWall - SMA100 version 10.2.1.0-17sv and earlier

CVSS3 Score: 9.1 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6.4 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

Description | Tags | Link
Security Advisory (text/html) | CONFIRM | psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021
SonicWall SMA 10.2.1.0-17sv Password Reset ≈ Packet Storm (text/html) | MISC | packetstormsecurity.com/files/164564/SonicWall-SMA-10.2.1.0-17sv-Password-Reset.html

Related QID Numbers

  • 730226 SonicWall Secure Mobile Access 100 series Unauthenticated Arbitrary File Delete Vulnerability (SNWLID-2021-0021)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Hardware | Sonicwall | Sma 200 | - | All | All | All
Operating System | Sonicwall | Sma 200 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 200 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 200 Firmware | All | All | All | All
Hardware | Sonicwall | Sma 210 | - | All | All | All
Operating System | Sonicwall | Sma 210 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 210 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 210 Firmware | All | All | All | All
Hardware | Sonicwall | Sma 400 | - | All | All | All
Operating System | Sonicwall | Sma 400 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 400 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 400 Firmware | All | All | All | All
Hardware | Sonicwall | Sma 410 | - | All | All | All
Operating System | Sonicwall | Sma 410 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 410 Firmware | All | All | All | All
Operating System | Sonicwall | Sma 410 Firmware | All | All | All | All
Application | Sonicwall | Sma 500v | All | All | All | All
Application | Sonicwall | Sma 500v | All | All | All | All
Application | Sonicwall | Sma 500v | All | All | All | All

  • cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:sonicwall:sma_500v:*:*:*:*:*:*:*:*:

Social Mentions

Source | Title | Posted (UTC)
Twitter | @softek_jp Arbitrary file deletion issue in SonicWall SMA 100 (CVE-2021-20034) [40066] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2021-09-24 07:44:07
Twitter | @CSAsingapore SonicWall has released security updates to address a critical vulnerability (CVE-2021-20034) in their products. Rea… twitter.com/i/web/status/1… | 2021-09-24 10:57:09
Twitter | @SG_Alerts [Notice-CSA] SonicWall has released security updates to address a critical vulnerability (CVE-2021-20034) in their… twitter.com/i/web/status/1… | 2021-09-24 10:58:31
Twitter | @twelvesec #SonicWall fixes critical bug (CVE-2021-20034) allowing #SMA 100 device takeover. #CyberSecurity, #infosec… twitter.com/i/web/status/1… | 2021-09-24 19:10:03
Twitter | @shah_sheikh CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!: SonicWall fixed a critical security flaw, tra… twitter.com/i/web/status/1… | 2021-09-24 20:33:33
Twitter | @thedpsadvisors CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… | 2021-09-24 20:33:33
Twitter | @AcooEdi CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! dlvr.it/S8Gc4K | 2021-09-24 20:33:33
Twitter | @securityaffairs CVE-2021-20034 flaw can allow #SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #securityaffairs #hacking | 2021-09-24 20:33:51
Twitter | @Alevskey CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!: ift.tt/39CefFC by Security Affairs… twitter.com/i/web/status/1… | 2021-09-24 20:40:34
Twitter | @profxeni r/t "CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!" bit.ly/2XX3JXc | 2021-09-24 20:47:40
Twitter | @security_inside CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… | 2021-09-24 20:49:11
Twitter | @IT_securitynews CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! itsecuritynews.info/cve-2021-20034… | 2021-09-24 21:06:44
Twitter | @daveDFIR ift.tt/39CefFC .. CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! #news #tech #nsa… twitter.com/i/web/status/1… | 2021-09-24 21:28:39
Twitter | @cKure7 ■■■□□ SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (… twitter.com/i/web/status/1… | 2021-09-24 21:30:44
Twitter | @CyberIQs_ CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! cyberiqs.com/cve-2021-20034… #infosec #infosecurity… twitter.com/i/web/status/1… | 2021-09-24 22:03:14
Twitter | @ellenke64965894 CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #cybersecurity | 2021-09-24 22:20:28
Twitter | @SecurityNewsbot CVE-2021-20034 #flaw can allow SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #SecurityAffairs | 2021-09-24 22:45:09
Twitter | @mrsyedalihasan CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! dlvr.it/S8H3HT | 2021-09-24 23:02:03
Twitter | @SicurezzaICT CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! dlvr.it/S8H3Hm | 2021-09-24 23:02:03
Twitter | @LudovicoLoreti CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #Security… twitter.com/i/web/status/1… | 2021-09-25 05:01:18
Twitter | @TechKeg CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #cybersecurity… twitter.com/i/web/status/1… | 2021-09-25 08:52:32
Twitter | @jpcarsi ⚠️ SonicWall in your offices? Update it. SMA 100 series devices have a critical vulnerability (CVE-2021-20034)… twitter.com/i/web/status/1… | 2021-09-25 13:05:03
Twitter | @RedPacketSec CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! - redpacketsecurity.com/cve-2021-20034… #Hacking #OSINT… twitter.com/i/web/status/1… | 2021-09-25 16:03:02
Twitter | @securityaffairs CVE-2021-20034 flaw can allow #SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #securityaffairs #hacking | 2021-09-25 19:32:06
Twitter | @securityaffairs CVE-2021-20034 flaw can allow #SMA 100 device takeover, patch it now! securityaffairs.co/wordpress/1225… #securityaffairs #hacking | 2021-09-26 11:40:49
Twitter | @rich_outlaw URGENT PATCH THIS NOW....!! SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some… twitter.com/i/web/status/1… | 2021-09-26 15:26:15
Twitter | @__kokumoto SonicWall has patched a critical flaw (CVE-2021-20034) in multiple models including Secure Mobile Access (SMA) 100. The company's products have been targeted multiple times by ransomware groups since the beginning of this year. File path restriction… twitter.com/i/web/status/1… | 2021-09-26 23:17:25
Twitter | @CVEreport CVE-2021-20034 : An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to byp… twitter.com/i/web/status/1… | 2021-09-27 17:27:06
Twitter | @Robo_Alerts Potentially Critical CVE Detected! CVE-2021-20034 Description: CVE-2021-20034 An improper access control vulnerabil… twitter.com/i/web/status/1… | 2021-09-27 19:00:03
Reddit | /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - A Vulnerability in SonicWall SMA 100 Series Could Allow for Arbitrary File Deletion | 2021-09-27 13:37:11