CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

Published: Jan 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-20048
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
sonicwall / sonicos	-	7.0.1-r1456.x
sonicwall / sonicos	-	7.0.1-5023-1349.x
sonicwall / sonicos	-	7.0.1-5018-r1715.x
sonicwall / sonicos	-	6.5.4.8.x
sonicwall / sonicos	-	6.5.1.13-1n.x
sonicwall / sonicos	-	6.0.5.3-94o.x
sonicwall / sonicos	-	5.9.1.13.x

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028

Vulnerability Database

289,689

CVE-2021-20048