CVE-2021-20041

Summary

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicWall SMA1009.0.0.11-31sv and earlieraffected
SonicWallSonicWall SMA10010.2.0.8-37sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.1-19sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.2-24sv and earlieraffected

Weaknesses

  • CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CVE Program Container

Additional References

References