Vulnerabilities > CVE-2021-20049 - Information Exposure Through Discrepancy vulnerability in Sonicwall products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
sonicwall
CWE-203

Summary

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

Vulnerable Configurations

Part Description Count
OS
Sonicwall
38
Hardware
Sonicwall
6

Common Weakness Enumeration (CWE)