Vulnerabilities > CVE-2021-20043 - Out-of-bounds Write vulnerability in Sonicwall products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sonicwall

CWE-787

NVD

Published: 2021-12-08

Updated: 2021-12-10

Summary

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Vulnerable Configurations

Part	Description	Count
OS	Sonicwall Sonicwall SMA 200 Firmware 10.2.0.8-37Sv Sonicwall SMA 200 Firmware 10.2.1.1-19Sv Sonicwall SMA 210 Firmware 10.2.0.8-37Sv Sonicwall SMA 210 Firmware 10.2.1.1-19Sv Sonicwall SMA 410 Firmware 10.2.0.8-37Sv Sonicwall SMA 410 Firmware 10.2.1.1-19Sv Sonicwall SMA 400 Firmware 10.2.0.8-37Sv Sonicwall SMA 400 Firmware 10.2.1.1-19Sv Sonicwall SMA 500V Firmware 10.2.0.8-37Sv Sonicwall SMA 500V Firmware 10.2.1.1-19Sv	10
Hardware	Sonicwall Sonicwall SMA 200 - Sonicwall SMA 210 - Sonicwall SMA 410 - Sonicwall SMA 400 - Sonicwall SMA 500V -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References