CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 11, 2022
Description
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEPSS — Exploit Probability
94.3%
Higher than 99.9% of all CVEs
Weakness Classification (CWE)
Known Exploits
POChttps://github.com/jbaines-r7/badbloodExploithttps://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/Exploithttps://github.com/jbaines-r7/badbloodExploithttps://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/Exploit
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2021-20038
Risk Assessment
CRITICALIn CISA KEV
Known exploit
Critical CVSS
High EPSS
Ransomware
Details
- Severity
- High
- CVSS
- 9.8
- EPSS
- 94.3%
- CWE
- CWE-121
- Exploit
- POC
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Jan 28, 2022
Added to KEV
Jan 28, 2022
Remediation Due
Feb 11, 2022