Thursday, December 9, 2021

SonicWall SMA 100: CVE-2021-20040: Unauthenticated File Upload Path Traversal Vulnerability

Description
A medium severity vulnerability (CVSS 6.5) in SMA 100 appliances, which includes SMA 200, 210, 400, 410 and 500v could allow remote unauthenticated attacker to upload arbitrary files. Attacker can upload crafted web pages to the web server's root directory or malicious files to any directory in the appliance. It was observed that SMA 100 devices with WAF licensed/enabled are also impacted by this vulnerability. This is due to the Path Traversal Attack Vulnerability. The Path traversal attacks vulnerability in SMA100 shares functionality that allows remote unauthenticated attacker to upload arbitrary files to any directory in the appliance. There is no evidence that this vulnerability is being exploited in the wild. SonicWall strongly urges that organizations follow the guidance below to patch SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v.
Solution(s)
  • sonicwall-sma-100-upgrade-10.2.0.9-41sv
  • sonicwall-sma-100-upgrade-10.2.1.3-27sv


  • References
  • https://attackerkb.com/topics/cve-2021-20040
  • CVE - 2021-20040




  •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore