CVE-2021-20038
| CVE Published | 2021-12-08 |
|---|---|
| Related CWE(s) | CWE-121: Stack-based Buffer Overflow, CWE-787: Out-of-bounds Write |
| Related Vendor(s) | sonicwall |
| Related Product(s) | sma_400_firmware, sma_410_firmware, sma_200_firmware, sma_210_firmware, sma_500v_firmware |
| Exploitation Reported (CISA KEV) | 2022-01-28 |
| CVSS 3 Base Score | 9.8 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph
Threat Reports Related to CVE-2021-20038
Report
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners, highlights the cyber espionage activities of the ...