An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
References
| Link | Resource |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 | Vendor Advisory |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Information
Published : 2021-12-08 02:15
Updated : 2021-12-10 13:59
NVD link : CVE-2021-20041
Mitre link : CVE-2021-20041
JSON object : View
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Advertisement
Products Affected
sonicwall
- sma_200
- sma_410
- sma_400_firmware
- sma_500v_firmware
- sma_410_firmware
- sma_200_firmware
- sma_210_firmware
- sma_400
- sma_210
- sma_500v