CVE-2021-20039 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-20039 PUBLISHED CVSS 9 CRITICAL

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

EPSS 82.46% · 99.2th percentile

Risk Scores

CVSS v2.0

9

EPSS Score

82.46%

99.2th percentile

Affected Products

Vendor	Product	Versions
sonicwall	sma_200_firmware	10.2.1.1-19sv, 9.0.0.11-31sv, 10.2.0.8-37sv
sonicwall	sma_400_firmware	10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv
sonicwall	sma_210_firmware	10.2.0.8-37sv, 9.0.0.11-31sv, 10.2.1.1-19sv
sonicwall	sma_410_firmware	10.2.1.1-19sv, 10.2.0.8-37sv, 9.0.0.11-31sv
sonicwall	sma_500v_firmware	10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv
SonicWall	SonicWall SMA100	10.2.0.8-37sv and earlier, 9.0.0.11-31sv and earlier, 10.2.1.2-24sv and earlier

Timeline

Dec 8, 2021 CVE Published
Dec 9, 2021 EPSS Score
Jan 12, 2022 PoC Published
Jan 13, 2022 PoC Published
Jan 13, 2022 EPSS Score
Jan 14, 2022 EPSS Score
Jan 26, 2022 PoC Published
Apr 1, 2022 EPSS Score
Apr 11, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Aug 13, 2023 EPSS Score
Oct 11, 2023 EPSS Score

References

Open in Interactive Console →