CVE-2021-20042

CRITICAL

SMA - SSRF

Description

An unauthenticated remote attacker can use the SMA 100 as an unintended and undetectable proxy or intermediary to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Scores

CVSS v3: 9.8
EPSS: 0.0088
EPSS Percentile: 75.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-441
Status: published
Products (15):
sonicwall/sma_200_firmware 9.0.0.11-31sv
sonicwall/sma_200_firmware 10.2.0.8-37sv
sonicwall/sma_200_firmware 10.2.1.1-19sv
sonicwall/sma_210_firmware 9.0.0.11-31sv
sonicwall/sma_210_firmware 10.2.0.8-37sv
sonicwall/sma_210_firmware 10.2.1.1-19sv
sonicwall/sma_400_firmware 9.0.0.11-31sv
sonicwall/sma_400_firmware 10.2.0.8-37sv
sonicwall/sma_400_firmware 10.2.1.1-19sv
sonicwall/sma_410_firmware 9.0.0.11-31sv
... and 5 more
Published: Dec 08, 2021
Tracked Since: Feb 18, 2026