CVE-2021-20049

Summary

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicWall SMA10010.2.0.8-37sv and earlieraffected
SonicWallSonicWall SMA10010.2.1.2-24sv and earlieraffected

Weaknesses

  • CWE-204: CWE-204: Observable Response Discrepancy

ADP Enrichment

CVE Program Container

Additional References

References