{"containers": {"cna": {"affected": [{"product": "SonicWall SMA100", "vendor": "SonicWall", "versions": [{"status": "affected", "version": "10.2.0.8-37sv and earlier"}, {"status": "affected", "version": "10.2.1.2-24sv and earlier"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-23T01:20:09", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT@sonicwall.com", "ID": "CVE-2021-20049", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SonicWall SMA100", "version": {"version_data": [{"version_value": "10.2.0.8-37sv and earlier"}, {"version_value": "10.2.1.2-24sv and earlier"}]}}]}, "vendor_name": "SonicWall"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-204: Observable Response Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.418Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"}]}]}, "cveMetadata": {"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2021-20049", "datePublished": "2021-12-23T01:20:09", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.418Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1A02AA5-1A61-429B-B0B3-898636C4B563", "versionEndExcluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "matchCriteriaId": "87A26093-E966-4EBA-AA58-2C98499B9165", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_100_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "matchCriteriaId": "5575D431-4FF7-4717-9DA8-4DBD1EF49BB1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "903AAB55-2325-44BA-ADA9-69AAEE9A1AF9", "versionEndExcluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "matchCriteriaId": "4185C028-6A07-4A92-8380-9AA3953D2CFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "matchCriteriaId": "01134E66-F1FD-477B-AD44-FDEE8368BE18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4AE2DFC-D7C3-40B8-B3DD-B65F7BB5D8C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4892669-DD8A-4A28-B6AA-632A8DA861AC", "versionEndExcluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "matchCriteriaId": "E62EEC93-6F52-4DDB-95F0-D5736391D64C", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "matchCriteriaId": "B38AAB98-7668-4F34-8D5F-9933422F12DD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma210:-:*:*:*:*:*:*:*", "matchCriteriaId": "E069FF32-C6B6-4EB3-B6E4-CEF6A6C4257D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9AC3454-D403-4989-81F3-9DD7608967AA", "versionEndExcluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "matchCriteriaId": "9BE21589-3BEC-4245-9939-CF50DE70B12A", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "matchCriteriaId": "54946A90-09AC-4387-BACB-883AE70FD5A7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma400:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A0EF9C5-685E-49A4-ABFE-302781111753", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "42AE0158-515A-4565-B814-27AEAD941304", "versionEndExcluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "matchCriteriaId": "53698BD3-43B6-4EC4-8847-E6ED9A3CB6F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "matchCriteriaId": "9F1FA3D8-C44A-4F33-B35D-AADF8C4E45DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma410:-:*:*:*:*:*:*:*", "matchCriteriaId": "47C0EBD9-B4BA-4E45-8BE3-3B6C60BF0FC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE054F5-87E5-4DF5-9CD8-BF39428A092F", "versionEndExcluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:*", "matchCriteriaId": "379F7CA2-8914-4710-AE6B-D2833605D4B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.2-24sv:*:*:*:*:*:*:*", "matchCriteriaId": "9395563D-9071-4CE2-BAEA-D6854F4AD961", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:sma500v:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FF52AAE-592C-4472-866C-7776ADBA5E93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions."}, {"lang": "es", "value": "Una vulnerabilidad en la API de cambio de contrase\u00f1a de SonicWall SMA100, permite a un atacante remoto no autenticado llevar a cabo una enumeraci\u00f3n de nombres de usuario de SMA100 bas\u00e1ndose en las respuestas del servidor. Esta vulnerabilidad afecta a las versiones 10.2.1.2-24sv, 10.2.0.8-37sv y versiones anteriores 10.x"}], "id": "CVE-2021-20049", "lastModified": "2024-11-21T05:45:51.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-23T02:15:06.583", "references": [{"source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "PSIRT@sonicwall.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}