CVE-2021-20038

critical-risk

Published 2021-12-08

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Do I need to act?

94.3% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (15)

Sma 200 Firmware

Sma 210 Firmware

Sma 410 Firmware

Sma 400 Firmware

Sma 500V Firmware

Affected Vendors

Sonicwall

References (7)

Exploit https://github.com/jbaines-r7/badblood

Vendor Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Exploit https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-...

Exploit https://github.com/jbaines-r7/badblood

Vendor Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Exploit https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 18/34 · Moderate