Vulnerability CVE-2021-20048 - CERT Civis.Net

Vulnerability Name:

CVE-2021-20048 (CCN-216885)

Assigned:

2020-12-17

Published:

2022-01-05

Updated:

2022-01-19

Summary:

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-20048

Source: XF
Type: UNKNOWN
sonicos-cve202120048-dos(216885)

Source: CCN
Type: SonicWall Security Advisory SNWLID-2021-0028
SonicOS SessionID Buffer Overflow via HTTP response

Source: CONFIRM
Type: Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028

Vulnerable Configuration:

Configuration 1:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 7.0.1-r1456)

AND

cpe:/h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz270:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz270w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz350:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz350w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz370:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz370w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz400w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz470:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz470w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz500:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz500w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz570:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz570p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz570w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz600:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz600p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 7.0.1-5023-1349)

AND

cpe:/h:sonicwall:nsv_10:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_100:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_1600:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_200:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_25:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_270:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_300:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_470:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_50:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_800:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsv_870:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 7.0.1-5018-r1715)

AND

cpe:/h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 6.5.4.8)

AND

cpe:/h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:soho_250w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_9200:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_9400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_9600:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_9800:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz270:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz270w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz350:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz350w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz370:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz370w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz400w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz470:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz470w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz500:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz500w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz570:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz570p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz570w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz600:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz600p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 6.5.1.13-1n)

AND

cpe:/h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_9800:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 6.0.5.3-94o)

AND

cpe:/h:sonicwall:supermassive_e10200:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_e10400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:supermassive_e10800:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:sonicwall:sonicos:*:*:*:*:*:*:*:* (Version <= 5.9.1.13)

AND

cpe:/h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:soho_250:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:soho_250w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz270:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz270w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300p:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz300w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz350:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz350w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz370:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz370w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz400:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz400w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz470:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz470w:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz500:-:*:*:*:*:*:*:*

OR cpe:/h:sonicwall:tz500w:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:sonicwall:sonicos:6.0.5.3-94o:*:*:*:*:*:*:*

Denotes that component is vulnerable