CVE-2021-20042
CRITICALSonicWall SMA 100 - Unauthenticated Proxy Bypass
Title source: manualDescription
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026
Scores
CVSS v3
9.8
EPSS
0.0266
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-441
Status
published
Products (15)
sonicwall/sma_200_firmware
9.0.0.11-31sv
sonicwall/sma_200_firmware
10.2.0.8-37sv
sonicwall/sma_200_firmware
10.2.1.1-19sv
sonicwall/sma_210_firmware
9.0.0.11-31sv
sonicwall/sma_210_firmware
10.2.0.8-37sv
sonicwall/sma_210_firmware
10.2.1.1-19sv
sonicwall/sma_400_firmware
9.0.0.11-31sv
sonicwall/sma_400_firmware
10.2.0.8-37sv
sonicwall/sma_400_firmware
10.2.1.1-19sv
sonicwall/sma_410_firmware
9.0.0.11-31sv
... and 5 more
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026