Attacker Value
Very High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown

CVE-2021-20016

Exploited in the Wild
Reported by wvu-r7

Description

A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password, and other session-related information. This vulnerability impacts SMA100 build version 10.x.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

Please see the Rapid7 analysis on the zero-day vulnerability. It is suspected that CVE-2021-20016 was used to compromise SonicWall’s internal network.

General Information

Vendors

  • SonicWall

Products

  • SonicWall SMA100
