WEB APPLICATION VULNERABILITIES Standard & Premium

Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)

Description

Sonicwall SMA 100 allows an unauthenticated attacker to interact with hosts on the internal network which is otherwise not accessible externally.

Remediation

Upgrade to the latest version of Sonicwall

References

CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities

Related Vulnerabilities

Oracle Weblogic T3 XXE (CVE-2019-2647)

SAP BO BIP SSRF (CVE-2020-6308)

Apache Solr SSRF CVE-2017-3164

ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464)

WS_FTP AHT Deserialization RCE (CVE-2023-40044)

Severity

Medium

Classification

CWE-441 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags