Main Vulnerability Database Exploits ID:7235 - Exploit for Stack-based buffer overflow in SMA 100 - CVE-2021-20038

ID:7235 - Exploit for Stack-based buffer overflow in SMA 100 - CVE-2021-20038

Published: January 12, 2022

Vulnerability identifier: #VU58619

Vulnerability risk: Critical

CVE-ID: CVE-2021-20038

CWE-ID: CWE-121

Exploitation vector: Remote access

Vulnerable software:
SMA 100

Link to public exploit:

https://github.com/jbaines-r7/badblood

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTTP GET requests in the SonicWall SMA SSLVPN. A remote unauthenticated attacker can send a specially crafted HTTP request to the SSL VPN interface, trigger a stack-based buffer overflow in the mod_cgi module and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

ID:7235 - Exploit for Stack-based buffer overflow in SMA 100 - CVE-2021-20038

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human