CVE-2021-20042

critical

Description

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

References

https://www.tenable.com/blog/sonicwall-urges-users-to-patch-several-vulnerabilities-in-secure-mobile-access-products-cve

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Details

Source: Mitre, NVD

Published: 2021-12-08

Updated: 2023-06-26

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical