Vulnerability Details CVE-2021-20016
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.804
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
Ransomware Campaign
Known
References
Products affected by CVE-2021-20016
-
cpe:2.3:a:sonicwall:sma_500v:-
-
cpe:2.3:h:sonicwall:sma_100:-
-
cpe:2.3:h:sonicwall:sma_200:-
-
cpe:2.3:h:sonicwall:sma_210:-
-
cpe:2.3:h:sonicwall:sma_400:-
-
cpe:2.3:h:sonicwall:sma_410:-
-
cpe:2.3:o:sonicwall:sma_100_firmware:10.0.0.0
-
cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.2-20sv
-
cpe:2.3:o:sonicwall:sma_200_firmware:-
-
cpe:2.3:o:sonicwall:sma_210_firmware:-
-
cpe:2.3:o:sonicwall:sma_400_firmware:-
-
cpe:2.3:o:sonicwall:sma_410_firmware:-