PT-2021-13739 · SonicWall · SonicWall SMA210 +5
Published: 2021-12-08 · Updated: 2021-12-10 · CVE-2021-20043
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SonicWall SMA100 (affected versions not specified)
SonicWall SMA200 (affected versions not specified)
SonicWall SMA210 (affected versions not specified)
SonicWall SMA400 (affected versions not specified)
SonicWall SMA410 (affected versions not specified)
SonicWall SMA500v (affected versions not specified)
Description:
A Heap-based buffer overflow vulnerability in the getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance.
Recommendations:
For SonicWall SMA100, update to a version that fixes the Heap-based buffer overflow vulnerability in the getBookmarks method.
For SonicWall SMA200, update to a version that fixes the Heap-based buffer overflow vulnerability in the getBookmarks method.
For SonicWall SMA210, update to a version that fixes the Heap-based buffer overflow vulnerability in the getBookmarks method.
For SonicWall SMA400, update to a version that fixes the Heap-based buffer overflow vulnerability in the getBookmarks method.
For SonicWall SMA410, update to a version that fixes the Heap-based buffer overflow vulnerability in the getBookmarks method.
For SonicWall SMA500v, update to a version that fixes the Heap-based buffer overflow vulnerability in the getBookmarks method.
As a temporary workaround, consider disabling the getBookmarks method until a patch is available.
Fix
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
SonicWall SMA100
SonicWall SMA200
SonicWall SMA210
SonicWall SMA400
SonicWall SMA410
SonicWall SMA500v