CVE-2021-20035

Summary

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA1009.0.0.10-28sv and earlieraffected
SonicWallSMA10010.2.0.7-34sv and earlieraffected
SonicWallSMA10010.2.1.0-17sv and earlieraffected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References