OS Command Injection Vulnerability in SonicWall SMA100 Appliance
CVE-2020-5146

7.2HIGH

Key Information:

Vendor: Sonicwall
Status: Sma100
Vendor: CVE Published:; 9 January 2021

Summary

A vulnerability exists in the SonicWall SMA100 appliance, enabling an authenticated management-user to exploit OS command injection through manipulated HTTP POST parameters. This flaw compromises the appliance's integrity and allows for unauthorized command execution, potentially leading to broader system access or data breach. Security measures should be implemented to mitigate this risk, particularly for versions 10.2.0.2-20sv and earlier.

Affected Version(s)

SMA100 10.2.0.2-20sv and earlier

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2021
Vulnerability Reserved
Dec 31, 2019