VDB
CVE-2021-20042
CVE-2021-20042
PUBLISHED
CVSS 7.5 HIGH
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
EPSS 0.56% · 68.7th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
0.56%
68.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sonicwall | sma_500v_firmware | 10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv |
| SonicWall | SonicWall SMA100 | 9.0.0.11-31sv and earlier, 10.2.1.2-24sv and earlier, * |
| sonicwall | sma_410_firmware | 10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv |
| sonicwall | sma_400_firmware | 10.2.0.8-37sv, 10.2.1.1-19sv, 9.0.0.11-31sv |
| sonicwall | sma_210_firmware | 9.0.0.11-31sv, 10.2.0.8-37sv, 10.2.1.1-19sv |
| sonicwall | sma_200_firmware | 10.2.1.1-19sv, 10.2.0.8-37sv, 9.0.0.11-31sv |
Exploit Intelligence
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 (circl)
- ET WEB_SERVER SonicWall SMA Unauthenticated sonicfiles Confused Deputy (CVE-2021-20042) (emergingthreats)
- ET WEB_SERVER SonicWall SMA Unauthenticated sonicfiles Confused Deputy (CVE-2021-20042) (emergingthreats)
- ET WEB_SERVER SonicWall SMA Unauthenticated sonicfiles Confused Deputy (CVE-2021-20042) (emergingthreats)
Timeline
- Dec 7, 2021 CVE Published
- Dec 9, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 2, 2022 EPSS Score
- Mar 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 22, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
- Dec 27, 2022 EPSS Score
- Feb 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score