A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
References
| Link | Resource |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
History
19 Jan 2022, 13:49
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028 - Vendor Advisory | |
| First Time |
Sonicwall nsv 800
Sonicwall nssp 15700 Sonicwall supermassive 9400 Sonicwall nsv 1600 Sonicwall tz370w Sonicwall tz300p Sonicwall nsa 2700 Sonicwall nsv 200 Sonicwall Sonicwall nssp 12800 Sonicwall supermassive E10400 Sonicwall nsa 3650 Sonicwall nsv 50 Sonicwall tz570w Sonicwall tz470 Sonicwall nsv 470 Sonicwall nsv 870 Sonicwall sonicos Sonicwall nssp 13700 Sonicwall tz300w Sonicwall nsv 270 Sonicwall nsa 9250 Sonicwall tz500w Sonicwall nsa 9450 Sonicwall tz350 Sonicwall supermassive 9200 Sonicwall tz500 Sonicwall nsa 6700 Sonicwall supermassive E10200 Sonicwall tz300 Sonicwall nsv 300 Sonicwall tz370 Sonicwall nsa 5650 Sonicwall nsa 4700 Sonicwall tz600 Sonicwall nsv 25 Sonicwall soho 250w Sonicwall tz270w Sonicwall supermassive 9600 Sonicwall nsa 2650 Sonicwall tz600p Sonicwall nsv 400 Sonicwall nsv 100 Sonicwall tz270 Sonicwall nsa 4650 Sonicwall nsv 10 Sonicwall nssp 12400 Sonicwall tz350w Sonicwall tz570p Sonicwall supermassive E10800 Sonicwall tz400w Sonicwall soho 250 Sonicwall supermassive 9800 Sonicwall tz570 Sonicwall tz470w Sonicwall tz670 Sonicwall tz400 Sonicwall nsa 9650 Sonicwall nsa 3700 Sonicwall nsa 6650 |
|
| CWE | CWE-787 | |
| CPE | cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_e10800:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_9400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_25:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_9450:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_50:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_100:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_10:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_e10400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_800:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_9650:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_e10200:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_200:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_9200:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_300:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_9600:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:supermassive_9800:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_9250:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsv_1600:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
10 Jan 2022, 14:14
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-01-10 14:10
Updated : 2023-12-10 14:09
NVD link : CVE-2021-20048
Mitre link : CVE-2021-20048
CVE.ORG link : CVE-2021-20048
JSON object : View
Products Affected
sonicwall
- tz300p
- nsa_4650
- tz300
- tz350
- tz400w
- tz670
- nsa_2650
- nssp_13700
- nsv_1600
- tz600
- supermassive_e10400
- nsv_800
- nsa_3650
- nsa_3700
- tz400
- tz470
- nsv_200
- nssp_15700
- supermassive_e10200
- tz570p
- nsa_5650
- supermassive_e10800
- tz270
- tz470w
- nsv_100
- nsv_270
- nsv_400
- tz370w
- nsa_9250
- tz570w
- nsa_6650
- soho_250
- soho_250w
- nsa_9650
- supermassive_9200
- supermassive_9400
- nsa_2700
- tz350w
- tz600p
- tz500
- nsa_4700
- nsv_870
- nssp_12800
- tz300w
- nssp_12400
- tz270w
- tz500w
- nsv_10
- tz570
- sonicos
- nsv_300
- nsv_50
- tz370
- supermassive_9800
- nsa_6700
- nsv_25
- supermassive_9600
- nsa_9450
- nsv_470