Security Misconfiguration in SonicWall Analytics Affects Remote Code Execution
CVE-2021-20032

9.8CRITICAL

Key Information:

Vendor: Sonicwall
Status: Sonicwall Analytics On-prem
Vendor: CVE Published:; 10 August 2021

Summary

SonicWall Analytics On-Prem versions prior to 2.5.2518 are susceptible to a security misconfiguration that involves the Java Debug Wire Protocol (JDWP) interface. This vulnerability can potentially allow remote attackers to execute arbitrary code on the affected systems, thereby compromising the integrity, availability, and confidentiality of the data.

Affected Version(s)

SonicWall Analytics On-Prem Analytics On-Prem 2.5.2518 and earlier

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Dec 17, 2020