CRITICAL🇵🇱 Wersja polska

CVE-2021-20042

CVSS 9.8v3.1pub. 2021-12-08upd. 2024-11-21

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma 200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 200 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31sv
  • Sonicwall Sma 210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 210 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31sv
  • Sonicwall Sma 400

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 400 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31sv
  • Sonicwall Sma 410

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 410 Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31sv
  • Sonicwall Sma 500v

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 500v Firmware

    OS
    Sonicwall
    10.2.0.8-37sv10.2.1.1-19sv9.0.0.11-31sv
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie

CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...

CVE-2021-20028CRITICAL9.8⚠ KEVten sam produkt

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...

CVE-2021-20016CRITICAL9.8⚠ KEVten sam produkt

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...

CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt

SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE