CVE-2021-20039

high-risk

Published 2021-12-08

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Do I need to act?

82.5% chance of exploitation in next 30 days

EPSS score — higher than 18% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (15)

Sma 200 Firmware

Sma 210 Firmware

Sma 410 Firmware

Sma 400 Firmware

Sma 500V Firmware

Affected Vendors

Sonicwall

References (5)

Exploit http://packetstormsecurity.com/files/165563/SonicWall-SMA-100-Series-Authenticat...

Vendor Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Exploit http://packetstormsecurity.com/files/165563/SonicWall-SMA-100-Series-Authenticat...

Vendor Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

https://attackerkb.com/topics/9szJhq46lw/cve-2021-20039/rapid7-analysis

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 20/34 · Moderate

Exposure 18/34 · Moderate