diff --git a/2021/20xxx/CVE-2021-20038.json b/2021/20xxx/CVE-2021-20038.json index 8255ffbceaf..278d01cff6c 100644 --- a/2021/20xxx/CVE-2021-20038.json +++ b/2021/20xxx/CVE-2021-20038.json @@ -1,68 +1,68 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20038", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "10.2.0.8-37sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20039.json b/2021/20xxx/CVE-2021-20039.json index 0f8b4ae7246..ebc6a3d37de 100644 --- a/2021/20xxx/CVE-2021-20039.json +++ b/2021/20xxx/CVE-2021-20039.json @@ -1,71 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20039", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "9.0.0.11-31sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "9.0.0.11-31sv and earlier" + }, + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.0.8-37sv and earlier" - }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20040.json b/2021/20xxx/CVE-2021-20040.json index 1f97870dd6a..4793263380d 100644 --- a/2021/20xxx/CVE-2021-20040.json +++ b/2021/20xxx/CVE-2021-20040.json @@ -1,68 +1,68 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20040", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "10.2.0.8-37sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-23: Relative Path Traversal" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20041.json b/2021/20xxx/CVE-2021-20041.json index b6c91a7417f..0839f4649b5 100644 --- a/2021/20xxx/CVE-2021-20041.json +++ b/2021/20xxx/CVE-2021-20041.json @@ -1,75 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@sonicwall.com", - "ID" : "CVE-2021-20041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SonicWall SMA100", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.11-31sv and earlier" - }, - - { - "version_value" : "10.2.0.8-37sv and earlier" - }, - - { - "version_value" : "10.2.1.1-19sv and earlier" - }, - - { - "version_value" : "10.2.1.2-24sv and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "SonicWall" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "9.0.0.11-31sv and earlier" + }, + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } -} - + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20042.json b/2021/20xxx/CVE-2021-20042.json index ff04e086eb1..f5e7af1b848 100644 --- a/2021/20xxx/CVE-2021-20042.json +++ b/2021/20xxx/CVE-2021-20042.json @@ -1,71 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20042", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "9.0.0.11-31sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "9.0.0.11-31sv and earlier" + }, + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.0.8-37sv and earlier" - }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20043.json b/2021/20xxx/CVE-2021-20043.json index ee3bb74d348..78809313622 100644 --- a/2021/20xxx/CVE-2021-20043.json +++ b/2021/20xxx/CVE-2021-20043.json @@ -1,68 +1,68 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20043", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "10.2.0.8-37sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20044.json b/2021/20xxx/CVE-2021-20044.json index 1b34816e12e..229f1753334 100644 --- a/2021/20xxx/CVE-2021-20044.json +++ b/2021/20xxx/CVE-2021-20044.json @@ -1,68 +1,68 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20044", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "10.2.0.8-37sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20045.json b/2021/20xxx/CVE-2021-20045.json index 6da4a7f8fa5..255cc16bd0a 100644 --- a/2021/20xxx/CVE-2021-20045.json +++ b/2021/20xxx/CVE-2021-20045.json @@ -1,68 +1,68 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20045", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall SMA100", - "version": { - "version_data": [ - { - "version_value": "10.2.0.8-37sv and earlier" + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall SMA100", + "version": { + "version_data": [ + { + "version_value": "10.2.0.8-37sv and earlier" + }, + { + "version_value": "10.2.1.1-19sv and earlier" + }, + { + "version_value": "10.2.1.2-24sv and earlier" + } + ] + } + } + ] }, - { - "version_value": "10.2.1.1-19sv and earlier" - }, - { - "version_value": "10.2.1.2-24sv and earlier" - } - ] + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026" + } + ] + } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20047.json b/2021/20xxx/CVE-2021-20047.json index fb91615614a..9ecb8b6519d 100644 --- a/2021/20xxx/CVE-2021-20047.json +++ b/2021/20xxx/CVE-2021-20047.json @@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2021-20047", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SonicWall Global VPN Client", - "version": { - "version_data": [ - { - "version_value": "Global VPN Client 4.10.6 and earlier" - } - ] + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2021-20047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall Global VPN Client", + "version": { + "version_data": [ + { + "version_value": "Global VPN Client 4.10.6 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-427: Uncontrolled Search Path Element" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025" + } + ] + } } \ No newline at end of file