CVE-2021-20038
Published: 08 December 2021
Summary
CVE-2021-20038 is a critical-severity stack-based buffer overflow (CWE-121) in SonicWall SMA 200 firmware; the same flaw is present across the other SMA 100 series models listed in the analysis below. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept exploit is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
The flaw is a stack-based buffer overflow in the mod_cgi module of the Apache httpd server shipped on SMA100 appliances: when the module builds the environment variables for a CGI request, request-derived data is written into a fixed-size stack buffer without an adequate length check, so an over-long request overruns the buffer and corrupts adjacent stack data. It affects SonicWall SMA 200, 210, 400, 410 and 500v appliances running firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions, and is classified under both CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).
A remote, unauthenticated attacker can trigger it over the network and potentially execute arbitrary code as the unprivileged 'nobody' user on the appliance. The CVSS 3.1 base score of 9.8 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects network reachability, low attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity and availability.
SonicWall PSIRT advisory SNWLID-2021-0026 and related reporting from Rapid7 document the issue, while public proof-of-concept code is available in the badblood repository.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7501
Vulnerability details
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
- CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write)
- KEV Date Added: 28 January 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- SonicWall SMA 200, 210, 400, 410 and 500v appliances running firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation of all input, including the request data that mod_cgi turns into environment variables, so that over-long or malformed data is rejected before it can reach the fixed-size stack buffer.
- SI-16 (Memory Protection): requires memory-protection mechanisms (ASLR, a non-executable stack, stack canaries and bounds checking) that raise the cost of exploiting the overflow even when it is triggered; these are defence in depth, not a fix for the flaw itself.
- SI-2 (Flaw Remediation): mandates timely installation of the vendor patches that remediate the mod_cgi buffer overflow in the listed SMA firmware versions; because the flaw is exploitable without authentication and sits in CISA's KEV catalog, this is the control that actually removes the exposure.
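To make the bug class behind the deeper analysis and the SI-10 control concrete, the following C program is an added illustration, not SonicWall's or Apache's code and not taken from the badblood exploit. It models a CGI environment variable ("REQUEST_URI=" plus the request path) being built into a fixed-size stack buffer with no length check, next to the bounded, input-validating form that rejects an over-long request. The 64-byte buffer, the frame layout, the function names and the request paths are assumptions constructed for the demo.

```c
/* Added illustration of the CVE-2021-20038 bug class: a CGI environment
 * variable built into a fixed-size stack buffer. NOT SonicWall's or Apache's
 * code; the 64-byte buffer, frame layout, names and request paths are
 * constructed assumptions chosen to make the fault visible. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENV_BUF_SIZE 64   /* assumed fixed-size stack buffer for one variable */
#define RET_SLOT_SIZE 8   /* stands in for the saved return address */
#define RET_FILL 0xA5     /* marker byte; anything else means it was clobbered */

/* Model stack frame: env[] followed by what a real frame keeps after it
 * (saved registers, return address). CWE-121 is a write off the end of env[]
 * into exactly those bytes. */
struct cgi_frame {
    char env[ENV_BUF_SIZE];
    unsigned char ret_slot[RET_SLOT_SIZE];
};

static void frame_init(struct cgi_frame *f) {
    memset(f->env, 0, sizeof f->env);
    memset(f->ret_slot, RET_FILL, sizeof f->ret_slot);
}

/* Vulnerable pattern: "REQUEST_URI=" + uri with no bound on env[]. Spelled
 * out byte by byte so the demo stops at the end of the model frame instead
 * of smashing the real stack; an unbounded strcat performs the same writes,
 * trailing NUL included. */
static void build_env_vulnerable(struct cgi_frame *f, const char *uri) {
    unsigned char *dst = (unsigned char *)f;  /* env[] sits at offset 0 */
    size_t limit = sizeof *f, n = 0;
    const char *p;
    for (p = "REQUEST_URI="; *p && n < limit; ++p) dst[n++] = (unsigned char)*p;
    for (p = uri;            *p && n < limit; ++p) dst[n++] = (unsigned char)*p;
    if (n < limit) dst[n] = '\0';             /* one byte past the data */
}

/* Hardened pattern (SI-10 input validation plus a bounded write): write with
 * a length limit and reject the request if the variable does not fit, rather
 * than truncating or spilling. Returns 0 if accepted, -1 if rejected; a real
 * server would then answer 4xx and spawn no CGI child. */
static int build_env_safe(struct cgi_frame *f, const char *uri) {
    int n = snprintf(f->env, sizeof f->env, "REQUEST_URI=%s", uri);
    if (n < 0 || (size_t)n >= sizeof f->env) {
        f->env[0] = '\0';
        return -1;
    }
    return 0;
}

static int ret_slot_intact(const struct cgi_frame *f) {
    for (size_t i = 0; i < RET_SLOT_SIZE; ++i)
        if (f->ret_slot[i] != RET_FILL) return 0;
    return 1;
}

/* Constructed request path: "/cgi-bin/" followed by n_fill 'A' bytes (static buffer). */
static const char *make_uri(size_t n_fill) {
    static char uri[256];
    size_t n = strlen(strcpy(uri, "/cgi-bin/"));
    while (n_fill-- && n + 1 < sizeof uri) uri[n++] = 'A';
    uri[n] = '\0';
    return uri;
}

/* 1 if the vulnerable builder overwrote the return-address slot. */
int vulnerable_clobbers_ret(size_t n_fill) {
    struct cgi_frame f;
    frame_init(&f);
    build_env_vulnerable(&f, make_uri(n_fill));
    return !ret_slot_intact(&f);
}

/* First byte of the return slot after the vulnerable builder ran. */
int vulnerable_ret_byte(size_t n_fill) {
    struct cgi_frame f;
    frame_init(&f);
    build_env_vulnerable(&f, make_uri(n_fill));
    return f.ret_slot[0];
}

/* 1 if the hardened builder accepted the request and the slot is intact. */
int safe_accepts(size_t n_fill) {
    struct cgi_frame f;
    frame_init(&f);
    return build_env_safe(&f, make_uri(n_fill)) == 0 && ret_slot_intact(&f);
}

int main(void) {
    size_t fills[] = { 8, 42, 43, 60 }, i;
    for (i = 0; i < 4; ++i)
        printf("fill=%2zu  vulnerable clobbers ret: %d  safe accepts: %d\n",
               fills[i], vulnerable_clobbers_ret(fills[i]), safe_accepts(fills[i]));
    return 0;
}
```

Compile with `cc -std=c99 -Wall demo.c && ./a.out`. The fill=43 row shows that a variable which fits the buffer exactly still lets the terminating NUL land on the first byte after it, and fill=60 shows the whole return slot becoming attacker-chosen bytes; the hardened builder rejects both requests instead. That is the point at which SI-16 protections (non-executable stack, ASLR, canaries) become the last line of defence, which is why the page lists flaw remediation alongside them.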