Stack-Based Buffer Overflow in SMA100 Apache httpd Server by SonicWall
CVE-2021-20038
Key Information:
- Vendor: SonicWall
- CVE Published: 8 December 2021
What is CVE-2021-20038?
A stack-based buffer overflow vulnerability in the Apache httpd server's mod_cgi module on SonicWall's SMA100 appliances could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the 'nobody' user. This issue affects multiple SMA appliance models, specifically versions prior to firmware updates 10.2.0.8-37sv, 10.2.1.1-19sv, and 10.2.1.2-24sv. Users are advised to update their firmware to mitigate this risk and secure their systems against potential exploitation.
CISA has reported CVE-2021-20038
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2021-20038 as being exploited and as known to enable ransomware campaigns.
CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
SonicWall SMA100 10.2.0.8-37sv and earlier
SonicWall SMA100 10.2.1.1-19sv and earlier
SonicWall SMA100 10.2.1.2-24sv and earlier
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
94% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability Reserved