Vulnerability Details CVE-2021-20045
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-20045
-
cpe:2.3:h:sonicwall:sma_200:-
-
cpe:2.3:h:sonicwall:sma_210:-
-
cpe:2.3:h:sonicwall:sma_400:-
-
cpe:2.3:h:sonicwall:sma_410:-
-
cpe:2.3:h:sonicwall:sma_500v:-
-
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv
-
cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv
-
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv
-
cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv
-
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv
-
cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv
-
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv
-
cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv
-
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv
-
cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv