CVE-2021-20049

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_100_firmware::::::::
	cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_200_firmware::::::::
	cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_210_firmware::::::::
	cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_400_firmware::::::::
	cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_410_firmware::::::::
	cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_500v_firmware::::::::
	cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:::::::*
	cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:::::::*

cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*

History

08 Jul 2022, 18:20

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-203

04 Jan 2022, 22:13

Type	Values Removed	Values Added
CPE		cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:::::::* cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:::::::* cpe:2.3:h:sonicwall:sma200:-:::::::* cpe:2.3:o:sonicwall:sma_200_firmware:::::::: cpe:2.3:o:sonicwall:sma_210_firmware:::::::: cpe:2.3:o:sonicwall:sma_400_firmware:::::::: cpe:2.3:h:sonicwall:sma410:-:::::::* cpe:2.3:h:sonicwall:sma500v:-:::::::* cpe:2.3:o:sonicwall:sma_100_firmware:::::::: cpe:2.3:o:sonicwall:sma_500v_firmware:::::::: cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:::::::* cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:::::::* cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:::::::* cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:::::::* cpe:2.3:h:sonicwall:sma400:-:::::::* cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:::::::* cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:::::::* cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:::::::* cpe:2.3:o:sonicwall:sma_410_firmware:::::::: cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:::::::* cpe:2.3:h:sonicwall:sma210:-:::::::* cpe:2.3:h:sonicwall:sma100:-:::::::* cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:::::::* cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
First Time		Sonicwall sma 400 Firmware Sonicwall sma100 Sonicwall sma 410 Firmware Sonicwall sma 210 Firmware Sonicwall Sonicwall sma 100 Firmware Sonicwall sma500v Sonicwall sma 500v Firmware Sonicwall sma410 Sonicwall sma200 Sonicwall sma 200 Firmware Sonicwall sma400 Sonicwall sma210
CWE		CWE-200
References	~~(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 -~~	(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 - Vendor Advisory

23 Dec 2021, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-23 02:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-20049

Mitre link : CVE-2021-20049

CVE.ORG link : CVE-2021-20049

JSON object : View

Products Affected

sonicwall

sma210
sma200
sma_210_firmware
sma100
sma_400_firmware
sma410
sma_200_firmware
sma_410_firmware
sma400
sma_500v_firmware
sma500v
sma_100_firmware

CWE

CWE-203

Observable Discrepancy

CWE-204

Observable Response Discrepancy

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-20049

7.5^/10

5.0^/10

Attach tags to `CVE-2021-20049`