An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
2021-12-08T10:15:08.003
2024-11-21T05:45:50.287
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:C
10.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | sonicwall | sma_200_firmware | 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_200_firmware | 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_200_firmware | 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_200 | - | No |
| Operating System | sonicwall | sma_210_firmware | 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_210_firmware | 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_210_firmware | 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_210 | - | No |
| Operating System | sonicwall | sma_410_firmware | 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_410_firmware | 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_410_firmware | 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_410 | - | No |
| Operating System | sonicwall | sma_400_firmware | 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_400_firmware | 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_400_firmware | 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_400 | - | No |
| Operating System | sonicwall | sma_500v_firmware | 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_500v_firmware | 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_500v_firmware | 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_500v | - | No |