A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
References
Link | Resource |
---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
08 Jul 2022, 18:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-203 |
04 Jan 2022, 22:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
First Time |
Sonicwall sma 400 Firmware
Sonicwall sma100 Sonicwall sma 410 Firmware Sonicwall sma 210 Firmware Sonicwall Sonicwall sma 100 Firmware Sonicwall sma500v Sonicwall sma 500v Firmware Sonicwall sma410 Sonicwall sma200 Sonicwall sma 200 Firmware Sonicwall sma400 Sonicwall sma210 |
|
CWE | CWE-200 | |
References | (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 - Vendor Advisory |
23 Dec 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-23 02:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-20049
Mitre link : CVE-2021-20049
CVE.ORG link : CVE-2021-20049
JSON object : View
Products Affected
sonicwall
- sma210
- sma200
- sma_210_firmware
- sma100
- sma_400_firmware
- sma410
- sma_200_firmware
- sma_410_firmware
- sma400
- sma_500v_firmware
- sma500v
- sma_100_firmware