U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity
CVE-2022-2915

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

Published: August 26, 2022; 5:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

Published: June 08, 2022; 5:15:08 AM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-20045

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:08 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-20044

A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:08 AM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-20043

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:08 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20042

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:08 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-20041

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:08 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20040

A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:07 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-20039

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Published: December 08, 2021; 5:15:07 AM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-20038

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Published: December 08, 2021; 5:15:07 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH