Main Vulnerability Database Vulnerabilities #VU55689

#VU55689 Incorrect configuration in SonicWall Analytics - CVE-2021-20032

Published: August 10, 2021

Vulnerability identifier: #VU55689

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red

CVE-ID: CVE-2021-20032

CWE-ID: CWE-16

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SonicWall Analytics

Software vendor:
SonicWall

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Java Debug Wire Protocol (JDWP) interface security misconfiguration. A remote non-authenticated attacker can send a specially crafted request to port 9000/TCP and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to gain full control over the affected system.

Remediation

Install updates from vendor's website.

External links

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0018