7.5 CVE-2021-20041
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
https://nvd.nist.gov/vuln/detail/CVE-2021-20041
Categories
CWE-835 : Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Chain: library for implementing Profinet devices does not check an input for a loop condition (CWE-606), allowing an infinite loop (CWE-835) via a crafted RPC packet Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835) A Python machine communication platform did not account for receiving a malformed packet with a null size, causing the receiving function to never update the message buffer and be caught in an infinite loop. Chain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters. Chain: self-referential values in recursive definitions lead to infinite loop. NULL UDP packet is never cleared from a queue, leading to infinite loop. Chain: web browser crashes due to infinite loop - "badlooping logic [that relies on] floating point math [CWE-1339] to exitthe loop [CWE-835]" Floating point conversion routine cycles back and forth between two different values. Floating point conversion routine cycles back and forth between two different values. Chain: improperly clearing a pointer in a linked list leads to infinite loop. Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full. Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.
References
PSIRT@sonicwall.com
af854a3a-2127-422b-91ae-364da2661108
AFFECTED (from MITRE)
| Vendor |
Product |
Versions |
| SonicWall |
SonicWall SMA100 |
- 9.0.0.11-31sv and earlier [affected]
- 10.2.0.8-37sv and earlier [affected]
- 10.2.1.1-19sv and earlier [affected]
- 10.2.1.2-24sv and earlier [affected]
|
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
CPE
| cpe |
start |
end |
| Configuration 1 |
| AND |
| cpe:2.3:o:sonicwall:sma_200_firmware:9.0.0.11-31sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_200_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_200_firmware:10.2.1.1-19sv:*:*:*:*:*:*:* |
|
|
| Running on/with |
| cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:* |
|
|
| Configuration 2 |
| AND |
| cpe:2.3:o:sonicwall:sma_210_firmware:9.0.0.11-31sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_210_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_210_firmware:10.2.1.1-19sv:*:*:*:*:*:*:* |
|
|
| Running on/with |
| cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:* |
|
|
| Configuration 3 |
| AND |
| cpe:2.3:o:sonicwall:sma_410_firmware:9.0.0.11-31sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_410_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_410_firmware:10.2.1.1-19sv:*:*:*:*:*:*:* |
|
|
| Running on/with |
| cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:* |
|
|
| Configuration 4 |
| AND |
| cpe:2.3:o:sonicwall:sma_400_firmware:9.0.0.11-31sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_400_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_400_firmware:10.2.1.1-19sv:*:*:*:*:*:*:* |
|
|
| Running on/with |
| cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:* |
|
|
| Configuration 5 |
| AND |
| cpe:2.3:o:sonicwall:sma_500v_firmware:9.0.0.11-31sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.0.8-37sv:*:*:*:*:*:*:* |
|
|
| cpe:2.3:o:sonicwall:sma_500v_firmware:10.2.1.1-19sv:*:*:*:*:*:*:* |
|
|
| Running on/with |
| cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:* |
|
|
REMEDIATION
EXPLOITS
Exploit-db.com
| id |
description |
date |
|
| No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id |
description |
severity |
| No entry |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer
