Vulnerabilities > CVE-2021-20049 - Information Exposure Through Discrepancy vulnerability in Sonicwall products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
sonicwall
CWE-203
NVD
Published: 2021-12-23
Updated: 2022-07-08

Summary

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

Vulnerable Configurations

Part Description Count
OS
Sonicwall
38
Hardware
Sonicwall
6

Common Weakness Enumeration (CWE)

References