CVE-2021-20031
First published: Tue Oct 12 2021(Updated: )
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
Credit: PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall SonicOS | <=7.0.1-r1262 | |
| Sonicwall Nsa 2650 | ||
| Sonicwall Nsa 2700 | ||
| Sonicwall Nsa 3650 | ||
| Sonicwall Nsa 3700 | ||
| Sonicwall Nsa 4650 | ||
| Sonicwall Nsa 4700 | ||
| Sonicwall Nsa 5650 | ||
| Sonicwall Nsa 6650 | ||
| Sonicwall Nsa 6700 | ||
| Sonicwall Nsa 9250 | ||
| Sonicwall Nsa 9450 | ||
| Sonicwall Nsa 9650 | ||
| Sonicwall Tz270 | ||
| Sonicwall Tz270w | ||
| Sonicwall Tz300 | ||
| Sonicwall Tz300p | ||
| Sonicwall Tz300w | ||
| Sonicwall Tz350 | ||
| Sonicwall Tz350w | ||
| Sonicwall Tz370 | ||
| Sonicwall Tz370w | ||
| Sonicwall Tz400 | ||
| Sonicwall Tz400w | ||
| Sonicwall Tz470 | ||
| Sonicwall Tz470w | ||
| Sonicwall Tz500 | ||
| Sonicwall Tz500w | ||
| Sonicwall Tz570 | ||
| Sonicwall Tz570p | ||
| Sonicwall Tz570w | ||
| Sonicwall Tz600 | ||
| Sonicwall Tz600p | ||
| Sonicwall Tz670 | ||
| SonicWall SonicOS | <=7.0.1-r1283 | |
| Sonicwall Nsv 10 | ||
| Sonicwall Nsv 100 | ||
| Sonicwall Nsv 1600 | ||
| Sonicwall Nsv 200 | ||
| Sonicwall Nsv 25 | ||
| Sonicwall Nsv 270 | ||
| Sonicwall Nsv 300 | ||
| Sonicwall Nsv 400 | ||
| Sonicwall Nsv 470 | ||
| Sonicwall Nsv 50 | ||
| Sonicwall Nsv 800 | ||
| Sonicwall Nsv 870 | ||
| SonicWall SonicOS | <=7.0.1-r579 | |
| Sonicwall Nssp 12400 | ||
| Sonicwall Nssp 12800 | ||
| Sonicwall Nssp 13700 | ||
| Sonicwall Nssp 15700 | ||
| SonicWall SonicOS | <=6.5.4.7 | |
| Sonicwall Soho 250w | ||
| Sonicwall Supermassive 9200 | ||
| Sonicwall Supermassive 9400 | ||
| Sonicwall Supermassive 9600 | ||
| Sonicwall Supermassive 9800 | ||
| SonicWall SonicOS | <=6.5.1.12 | |
| SonicWall SonicOS | <=6.0.5.3-94o | |
| Sonicwall Supermassive E10200 | ||
| Sonicwall Supermassive E10400 | ||
| Sonicwall Supermassive E10800 | ||
| SonicWall SonicOS | <=5.9.1.13 | |
| Sonicwall Soho 250 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20031?
CVE-2021-20031 is a Host Header Redirection vulnerability in SonicOS.
How can a remote attacker exploit CVE-2021-20031?
A remote attacker can exploit CVE-2021-20031 by redirecting firewall management users to arbitrary web domains.
Which software is affected by CVE-2021-20031?
SonicOS versions up to and including 7.0.1-r1262 are affected by CVE-2021-20031.
What is the severity of CVE-2021-20031?
CVE-2021-20031 has a severity score of 6.1 (medium).
Where can I find more information about CVE-2021-20031?
You can find more information about CVE-2021-20031 at the following references: [Packetstorm Security](http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html), [SonicWall PSIRT](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/sonicwall
- canonical/sonicwall sonicos
- version/sonicwall sonicos/7.0.1-r1262
- canonical/sonicwall nsa 2650
- canonical/sonicwall nsa 2700
- canonical/sonicwall nsa 3650
- canonical/sonicwall nsa 3700
- canonical/sonicwall nsa 4650
- canonical/sonicwall nsa 4700
- canonical/sonicwall nsa 5650
- canonical/sonicwall nsa 6650
- canonical/sonicwall nsa 6700
- canonical/sonicwall nsa 9250
- canonical/sonicwall nsa 9450
- canonical/sonicwall nsa 9650
- canonical/sonicwall tz270
- canonical/sonicwall tz270w
- canonical/sonicwall tz300
- canonical/sonicwall tz300p
- canonical/sonicwall tz300w
- canonical/sonicwall tz350
- canonical/sonicwall tz350w
- canonical/sonicwall tz370
- canonical/sonicwall tz370w
- canonical/sonicwall tz400
- canonical/sonicwall tz400w
- canonical/sonicwall tz470
- canonical/sonicwall tz470w
- canonical/sonicwall tz500
- canonical/sonicwall tz500w
- canonical/sonicwall tz570
- canonical/sonicwall tz570p
- canonical/sonicwall tz570w
- canonical/sonicwall tz600
- canonical/sonicwall tz600p
- canonical/sonicwall tz670
- version/sonicwall sonicos/7.0.1-r1283
- canonical/sonicwall nsv 10
- canonical/sonicwall nsv 100
- canonical/sonicwall nsv 1600
- canonical/sonicwall nsv 200
- canonical/sonicwall nsv 25
- canonical/sonicwall nsv 270
- canonical/sonicwall nsv 300
- canonical/sonicwall nsv 400
- canonical/sonicwall nsv 470
- canonical/sonicwall nsv 50
- canonical/sonicwall nsv 800
- canonical/sonicwall nsv 870
- version/sonicwall sonicos/7.0.1-r579
- canonical/sonicwall nssp 12400
- canonical/sonicwall nssp 12800
- canonical/sonicwall nssp 13700
- canonical/sonicwall nssp 15700
- version/sonicwall sonicos/6.5.4.7
- canonical/sonicwall soho 250w
- canonical/sonicwall supermassive 9200
- canonical/sonicwall supermassive 9400
- canonical/sonicwall supermassive 9600
- canonical/sonicwall supermassive 9800
- version/sonicwall sonicos/6.5.1.12
- version/sonicwall sonicos/6.0.5.3-94o
- canonical/sonicwall supermassive e10200
- canonical/sonicwall supermassive e10400
- canonical/sonicwall supermassive e10800
- version/sonicwall sonicos/5.9.1.13
- canonical/sonicwall soho 250