Information disclosure in Sonicwall Sma100

CVE-2021-20018

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

Vulnerability class: Information Disclosure

EPSS: 0.001 (25.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.0.5 and earlier

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0005 (x_refsource_CONFIRM)