CVE-2021-20042

Summary

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicWall SMA1009.0.0.11-31sv and earlieraffected
SonicWallSonicWall SMA10010.2.0.8-37sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.1-19sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.2-24sv and earlieraffected

Weaknesses

  • CWE-441: CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

ADP Enrichment

CVE Program Container

Additional References

References