CVE-2021-20019
23.06.2021, 22:15
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sonicwall | sonicos | 7.0.0 ≤ 𝑥 < 7.0.0.376 |
| sonicwall | sonicos | 7.0.1 ≤ 𝑥 < 7.0.1-r1036 |
| sonicwall | sonicos | 6.0.5.3-94o |
| sonicwall | sonicos | 6.5.1.12-3n |
| sonicwall | sonicos | 6.5.4.7-83n |
| sonicwall | sonicosv | 6.5.4.4-44v-21-955 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.