What is CVE-2021-20042?

CVE-2021-20042 is a vulnerability in Sonicwall Sma100, classified under Unintended Proxy or Intermediary (Confused Deputy). Published 2021-12-08.

Is CVE-2021-20042 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sonicwall Sma100

CVE-2021-20042

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

EPSS: 0.006 (68.6th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv and earlier, 10.2.1.1-19sv and earlier

Weakness classification (CWE)

CWE-441 — Unintended Proxy or Intermediary (Confused Deputy)

Public proof-of-concept exploits

XRSec/AWVS14-Update

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-20042?: CVE-2021-20042 is a vulnerability in Sonicwall Sma100, classified under Unintended Proxy or Intermediary (Confused Deputy). Published 2021-12-08.
Is CVE-2021-20042 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.