Command Injection Vulnerability in SonicWall SMA100 Product
CVE-2021-20017

8.8HIGH

Key Information:

Vendor: Sonicwall
Status: Sma100
Vendor: CVE Published:; 13 March 2021

Summary

A command injection vulnerability exists in SonicWall SMA100, allowing authenticated attackers to execute arbitrary OS commands under the 'nobody' user. This flaw affects versions 10.2.0.5 and earlier, potentially compromising system integrity and security. It's crucial for users to apply security patches to mitigate this risk.

Affected Version(s)

SMA100 10.2.0.5 and earlier

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2021
Vulnerability Reserved
Dec 17, 2020