CVE-2021-20027

Published: Jun 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

Affected (8)

Products: Sonicwall: Sonicos

Sonicwall

1 product

Sonicos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 7.0.1-r1262

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 7.0.1-r.1219

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 7.0.1-r514

Running on/with	Platform Versions
Sonicwall Nssp 13700	All versions
Sonicwall Nssp 15700	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 5.9.1.13

Configuration E

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 6.5.1.12

Running on/with	Platform Versions
Sonicwall Nssp 12400	All versions
Sonicwall Nssp 12800	All versions
Sonicwall Supermassive 9800	All versions

Configuration F

1 vulnerable · 38 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 6.5.4.7

Running on/with	Platform Versions
Sonicwall Nsa 2650	All versions
Sonicwall Nsa 2700	All versions
Sonicwall Nsa 3650	All versions
Sonicwall Nsa 3700	All versions
Sonicwall Nsa 4650	All versions
Sonicwall Nsa 4700	All versions
Sonicwall Nsa 5650	All versions
Sonicwall Nsa 6650	All versions
Sonicwall Nsa 6700	All versions
Sonicwall Nsa 9250	All versions
Sonicwall Nsa 9450	All versions
Sonicwall Nsa 9650	All versions
Sonicwall Soho 250	All versions
Sonicwall Soho 250w	All versions
Sonicwall Supermassive 9200	All versions
Sonicwall Supermassive 9400	All versions
Sonicwall Supermassive 9600	All versions
Sonicwall Tz270	All versions
Sonicwall Tz270w	All versions
Sonicwall Tz300	All versions
Sonicwall Tz300p	All versions
Sonicwall Tz300w	All versions
Sonicwall Tz350	All versions
Sonicwall Tz350w	All versions
Sonicwall Tz370	All versions
Sonicwall Tz370w	All versions
Sonicwall Tz400	All versions
Sonicwall Tz400w	All versions
Sonicwall Tz470	All versions
Sonicwall Tz470w	All versions
Sonicwall Tz500	All versions
Sonicwall Tz500w	All versions
Sonicwall Tz570	All versions
Sonicwall Tz570p	All versions
Sonicwall Tz570w	All versions
Sonicwall Tz600	All versions
Sonicwall Tz600p	All versions
Sonicwall Tz670	All versions

Configuration G

1 vulnerable · 12 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	All versions

Running on/with	Platform Versions
Sonicwall Nsv 10	All versions
Sonicwall Nsv 100	All versions
Sonicwall Nsv 1600	All versions
Sonicwall Nsv 200	All versions
Sonicwall Nsv 25	All versions
Sonicwall Nsv 270	All versions
Sonicwall Nsv 300	All versions
Sonicwall Nsv 400	All versions
Sonicwall Nsv 470	All versions
Sonicwall Nsv 50	All versions
Sonicwall Nsv 800	All versions
Sonicwall Nsv 870	All versions

Configuration H

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Up to 6.0.5.3-94o

Running on/with	Platform Versions
Sonicwall Supermassive E10200	All versions
Sonicwall Supermassive E10400	All versions
Sonicwall Supermassive E10800	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0016

Source: PSIRT@sonicwall.com

MitigationVendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0016

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.