CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-20048

HIGH
8.8
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile40.31th
Published2022年1月10日
Last Modified2024年11月21日

Vulnerability Description

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

Affected Platforms (CPE)

💻
Sonicwall

Sonicos

<= 7.0.1-r1456
💻
Sonicwall

Sonicos

<= 7.0.1-5023-1349
💻
Sonicwall

Sonicos

<= 7.0.1-5018-r1715
💻
Sonicwall

Sonicos

<= 6.5.4.8
💻
Sonicwall

Sonicos

<= 6.5.1.13-1n
💻
Sonicwall

Sonicos

<= 6.0.5.3-94o
💻
Sonicwall

Sonicos

<= 5.9.1.13

References & Advisories

🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028
🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028

相关漏洞威胁

CVE-2020-51359.8

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbit...

CVE-2019-74759.8

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user...

CVE-2021-200468.8

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause D...

CVE-2019-74877.8

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path...