Remote Code Execution Vulnerability in SonicWall SMA Appliances
CVE-2021-20041
7.5 HIGH
Summary
An unauthenticated remote attacker can exploit this vulnerability in SonicWall SMA appliances by sending specially crafted HTTP requests. This results in a resource exhaustion issue, causing the affected devices to enter a state where the CPU usage significantly increases due to continuous looping processes with no feasible exit condition. The impacted appliances include models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v, making it crucial for users to implement safeguards and monitor network traffic.
Affected Version(s)
SonicWall SMA100 9.0.0.11-31sv and earlier
SonicWall SMA100 10.2.0.8-37sv and earlier
SonicWall SMA100 10.2.1.1-19sv and earlier
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved