Post-Authenticated Configuration File Export Vulnerability in SonicWall SMA100
CVE-2021-20018

4.9MEDIUM

Key Information:

Vendor: Sonicwall
Status: Sma100
Vendor: CVE Published:; 13 March 2021

Summary

The SonicWall SMA100 has a vulnerability that allows a post-authenticated attacker to export the device's configuration file to a specified email address. This security flaw affects SMA100 versions up to and including 10.2.0.5, potentially providing sensitive information to unauthorized users that can be misused for further attacks.

Affected Version(s)

SMA100 10.2.0.5 and earlier

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2021
Vulnerability Reserved
Dec 17, 2020