#VU56853 Improper access control in SMA 100 - CVE-2021-20034

Cybersecurity Help s.r.o.

Published: 2021-09-24 | Updated: 2021-11-25

Vulnerability identifier: #VU56853

Vulnerability risk: High

CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2021-20034

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
SMA 100
Hardware solutions / Security hardware applicances

Vendor: SonicWall

Description

The vulnerability allows a remote attacker to delete arbitrary files on the system.

The vulnerability exists due to improper access restrictions in SMA 100 management interface. A remote non-authenticated attacker can bypass implemented path traversal checks and delete an arbitrary file on the system, potentially resulting in a reboot to factory default settings.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SMA 100: 9.0.0.10-28sv, 10.2.0.2-20sv, 10.2.0.3-24sv, 10.2.0.5-d-29sv, 10.2.0.6-31sv, 10.2.0.7-34sv, 10.2.1.0-17sv

External links
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Remote denial of service in SonicWall SMA 100 Series