CVE-2021-20050

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sonicwallCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
sonicwallsma_100_firmware
𝑥
< 10.0.0.0
sonicwallsma_100_firmware
10.2.0.8-37sv
sonicwallsma_100_firmware
10.2.1.2-24sv
sonicwallsma_200_firmware
𝑥
< 10.0.0.0
sonicwallsma_200_firmware
10.2.0.8-37sv
sonicwallsma_200_firmware
10.2.1.2-24sv
sonicwallsma_210_firmware
𝑥
< 10.0.0.0
sonicwallsma_210_firmware
10.2.0.8-37sv
sonicwallsma_210_firmware
10.2.1.2-24sv
sonicwallsma_400_firmware
𝑥
< 10.0.0.0
sonicwallsma_400_firmware
10.2.0.8-37sv
sonicwallsma_400_firmware
10.2.1.2-24sv
sonicwallsma_410_firmware
𝑥
< 10.0.0.0
sonicwallsma_410_firmware
10.2.0.8-37sv
sonicwallsma_410_firmware
10.2.1.2-24sv
sonicwallsma_500v_firmware
𝑥
< 10.0.0.0
sonicwallsma_500v_firmware
10.2.0.8-37sv
sonicwallsma_500v_firmware
10.2.1.2-24sv
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031