Description
A critical severity vulnerability (CVSS 8.8) in SMA 100 appliances, which includes SMA 200, 210, 400, 410 and 500v could allow a Remote authenticated attacker can cause Heap-based Buffer Overflow and would result in code execution as the nobody user in the SMA100 appliance. It was observed that the SMA100 appliances with WAF licensed/enabled are also impacted by this vulnerability. This Vulnerability is due to the RAC_GET_BOOKMARKS_HTML5 (RacNumber 35) method that allows users to list their bookmarks. This method is vulnerable to heap-based buffer-overflow, due to unchecked use of strcat. So remote authenticated attacker can cause Heap-based Buffer Overflow and would result in code execution as the nobody user in the SMA100 appliance. There is no evidence that this vulnerability is being exploited in the wild. SonicWall strongly urges that organizations follow the guidance below to patch SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v.
Solution(s)
sonicwall-sma-100-upgrade-10.2.0.9-41svsonicwall-sma-100-upgrade-10.2.1.3-27sv
Referenceshttps://attackerkb.com/topics/cve-2021-20043CVE - 2021-20043