CVE-2021-20042

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Confused Deputy
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
sonicwallCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
sonicwallsma_200_firmware
9.0.0.11-31sv
sonicwallsma_200_firmware
10.2.0.8-37sv
sonicwallsma_200_firmware
10.2.1.1-19sv
sonicwallsma_210_firmware
9.0.0.11-31sv
sonicwallsma_210_firmware
10.2.0.8-37sv
sonicwallsma_210_firmware
10.2.1.1-19sv
sonicwallsma_410_firmware
9.0.0.11-31sv
sonicwallsma_410_firmware
10.2.0.8-37sv
sonicwallsma_410_firmware
10.2.1.1-19sv
sonicwallsma_400_firmware
9.0.0.11-31sv
sonicwallsma_400_firmware
10.2.0.8-37sv
sonicwallsma_400_firmware
10.2.1.1-19sv
sonicwallsma_500v_firmware
9.0.0.11-31sv
sonicwallsma_500v_firmware
10.2.0.8-37sv
sonicwallsma_500v_firmware
10.2.1.1-19sv
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026