Wednesday, December 8, 2021

SonicWall SMA 100: CVE-2021-20043: getBookmarks Heap-based Buffer Overflow

Description
A critical severity vulnerability (CVSS 8.8) in SMA 100 appliances, which includes SMA 200, 210, 400, 410 and 500v could allow a Remote authenticated attacker can cause Heap-based Buffer Overflow and would result in code execution as the nobody user in the SMA100 appliance. It was observed that the SMA100 appliances with WAF licensed/enabled are also impacted by this vulnerability. This Vulnerability is due to the RAC_GET_BOOKMARKS_HTML5 (RacNumber 35) method that allows users to list their bookmarks. This method is vulnerable to heap-based buffer-overflow, due to unchecked use of strcat. So remote authenticated attacker can cause Heap-based Buffer Overflow and would result in code execution as the nobody user in the SMA100 appliance. There is no evidence that this vulnerability is being exploited in the wild. SonicWall strongly urges that organizations follow the guidance below to patch SMA 100 series products, which include SMA 200, 210, 400, 410 and 500v.
Solution(s)
  • sonicwall-sma-100-upgrade-10.2.0.9-41sv
  • sonicwall-sma-100-upgrade-10.2.1.3-27sv


  • References
  • https://attackerkb.com/topics/cve-2021-20043
  • CVE - 2021-20043




  •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore