CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
| Software | From | Fixed in |
|---|---|---|
| sonicwall / sma_200_firmware | 10.2.0.8-37sv | 10.2.0.8-37sv.x |
| sonicwall / sma_200_firmware | 10.2.1.1-19sv | 10.2.1.1-19sv.x |
| sonicwall / sma_200_firmware | 10.2.1.2-24sv | 10.2.1.2-24sv.x |
| sonicwall / sma_210_firmware | 10.2.0.8-37sv | 10.2.0.8-37sv.x |
| sonicwall / sma_210_firmware | 10.2.1.1-19sv | 10.2.1.1-19sv.x |
| sonicwall / sma_210_firmware | 10.2.1.2-24sv | 10.2.1.2-24sv.x |
| sonicwall / sma_410_firmware | 10.2.0.8-37sv | 10.2.0.8-37sv.x |
| sonicwall / sma_410_firmware | 10.2.1.1-19sv | 10.2.1.1-19sv.x |
| sonicwall / sma_410_firmware | 10.2.1.2-24sv | 10.2.1.2-24sv.x |
| sonicwall / sma_400_firmware | 10.2.0.8-37sv | 10.2.0.8-37sv.x |
| sonicwall / sma_400_firmware | 10.2.1.1-19sv | 10.2.1.1-19sv.x |
| sonicwall / sma_400_firmware | 10.2.1.2-24sv | 10.2.1.2-24sv.x |
| sonicwall / sma_500v_firmware | 10.2.0.8-37sv | 10.2.0.8-37sv.x |
| sonicwall / sma_500v_firmware | 10.2.1.1-19sv | 10.2.1.1-19sv.x |
| sonicwall / sma_500v_firmware | 10.2.1.2-24sv | 10.2.1.2-24sv.x |
- https://github.com/jbaines-r7/badblood
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20038
- https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime