CVE-2021-20046

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-20046

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

A

Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsv_10:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_100:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_1600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_25:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_50:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_9400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_9600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_9800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_9800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:supermassive_e10200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_e10400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:supermassive_e10800:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*
History

21 Nov 2024, 05:45

Type Values Removed Values Added
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 - Vendor Advisory () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 - Vendor Advisory
Information

Published : 2022-01-10 14:10

Updated : 2024-11-21 05:45

NVD link : CVE-2021-20046

Mitre link : CVE-2021-20046

CVE.ORG link : CVE-2021-20046

JSON object : View

Products Affected

sonicwall

CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write