Main Vulnerability Database Exploits ID:7050 - Exploit for Improper Neutralization of HTTP Headers for Scripting Syntax in SonicOS - CVE-2021-20031

ID:7050 - Exploit for Improper Neutralization of HTTP Headers for Scripting Syntax in SonicOS - CVE-2021-20031

Published: November 25, 2021

Vulnerability identifier: #VU57238

Vulnerability risk: Low

CVE-ID: CVE-2021-20031

CWE-ID: CWE-644

Exploitation vector: Remote access

Vulnerable software:
SonicOS

Link to public exploit:

https://www.exploit-db.com/exploits/50414/

Vulnerability description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP headers. A remote attacker can send a specially crafted HTTP response with arbitrary Host header value and redirect firewall management users to arbitrary web domains.

Remediation

Install updates from vendor's website.

ID:7050 - Exploit for Improper Neutralization of HTTP Headers for Scripting Syntax in SonicOS - CVE-2021-20031

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human