A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Sma 200
HWSonicwallwszystkie wersjeSonicwall Sma 200 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv10.2.1.2-24svSonicwall Sma 210
HWSonicwallwszystkie wersjeSonicwall Sma 210 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv10.2.1.2-24svSonicwall Sma 400
HWSonicwallwszystkie wersjeSonicwall Sma 400 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv10.2.1.2-24svSonicwall Sma 410
HWSonicwallwszystkie wersjeSonicwall Sma 410 Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv10.2.1.2-24svSonicwall Sma 500v
HWSonicwallwszystkie wersjeSonicwall Sma 500v Firmware
OSSonicwall10.2.0.8-37sv10.2.1.1-19sv10.2.1.2-24sv
CISA KEV β detailsi
- Vendori
- SonicWall β
- Producti
- SMA 100 Appliances
- Added to KEVi
- January 28, 2022
- Remediation deadline (US Federal)i
- February 11, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Related vulnerabilities
Apache HTTP Server mod_rewrite β ujawnienie kodu i RCE poprzez bΕΔdne escapowanie
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...
SonicWall SMA 100 β nieautoryzowany upload pliku prowadzΔ cy do RCE
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-lif...