What is CVE-2021-20041?

CVE-2021-20041 is a vulnerability in the Sonicwall SMA appliances that allows an unauthenticated remote adversary to consume all of the device's CPU by sending crafted HTTP requests.

Which devices are affected by CVE-2021-20041?

CVE-2021-20041 affects the SMA 200, 210, 400, 410, and 500v appliances.

What is the severity of CVE-2021-20041?

CVE-2021-20041 has a severity score of 7.5, which is considered high.

How can I fix CVE-2021-20041?

To fix CVE-2021-20041, users should update their Sonicwall SMA firmware to the latest version provided by Sonicwall.

Where can I find more information about CVE-2021-20041?

You can find more information about CVE-2021-20041 on the Sonicwall PSIRT website.

Vulnerability/
CVE-2021-20041

high

7.8

CWE

835

8/12/2021

3/8/2024

CVE-2021-20041

First published: Wed Dec 08 2021(Updated: )

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Credit: PSIRT@sonicwall.com

Affected Software	Affected Version	How to fix
Sonicwall Sma 200 Firmware	=9.0.0.11-31sv
Sonicwall Sma 200 Firmware	=10.2.0.8-37sv
Sonicwall Sma 200 Firmware	=10.2.1.1-19sv
Sonicwall Sma 200
Sonicwall Sma 210 Firmware	=9.0.0.11-31sv
Sonicwall Sma 210 Firmware	=10.2.0.8-37sv
Sonicwall Sma 210 Firmware	=10.2.1.1-19sv
Sonicwall Sma 210
Sonicwall Sma 410 Firmware	=9.0.0.11-31sv
Sonicwall Sma 410 Firmware	=10.2.0.8-37sv
Sonicwall Sma 410 Firmware	=10.2.1.1-19sv
Sonicwall Sma 410
Sonicwall Sma 400 Firmware	=9.0.0.11-31sv
Sonicwall Sma 400 Firmware	=10.2.0.8-37sv
Sonicwall Sma 400 Firmware	=10.2.1.1-19sv
Sonicwall Sma 400
Sonicwall Sma 500v Firmware	=9.0.0.11-31sv
Sonicwall Sma 500v Firmware	=10.2.0.8-37sv
Sonicwall Sma 500v Firmware	=10.2.1.1-19sv
Sonicwall Sma 500v

Never miss a vulnerability like this again

Reference Links

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Frequently Asked Questions

What is CVE-2021-20041?
CVE-2021-20041 is a vulnerability in the Sonicwall SMA appliances that allows an unauthenticated remote adversary to consume all of the device's CPU by sending crafted HTTP requests.
Which devices are affected by CVE-2021-20041?
CVE-2021-20041 affects the SMA 200, 210, 400, 410, and 500v appliances.
What is the severity of CVE-2021-20041?
CVE-2021-20041 has a severity score of 7.5, which is considered high.
How can I fix CVE-2021-20041?
To fix CVE-2021-20041, users should update their Sonicwall SMA firmware to the latest version provided by Sonicwall.
Where can I find more information about CVE-2021-20041?
You can find more information about CVE-2021-20041 on the Sonicwall PSIRT website.

collector/nvd-index
agent/severity
agent/references
agent/author
agent/type
agent/event
agent/weakness
agent/tags
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/sonicwall
canonical/sonicwall sma 200 firmware
version/sonicwall sma 200 firmware/9.0.0.11-31sv
version/sonicwall sma 200 firmware/10.2.0.8-37sv
version/sonicwall sma 200 firmware/10.2.1.1-19sv
canonical/sonicwall sma 200
canonical/sonicwall sma 210 firmware
version/sonicwall sma 210 firmware/9.0.0.11-31sv
version/sonicwall sma 210 firmware/10.2.0.8-37sv
version/sonicwall sma 210 firmware/10.2.1.1-19sv
canonical/sonicwall sma 210
canonical/sonicwall sma 410 firmware
version/sonicwall sma 410 firmware/9.0.0.11-31sv
version/sonicwall sma 410 firmware/10.2.0.8-37sv
version/sonicwall sma 410 firmware/10.2.1.1-19sv
canonical/sonicwall sma 410
canonical/sonicwall sma 400 firmware
version/sonicwall sma 400 firmware/9.0.0.11-31sv
version/sonicwall sma 400 firmware/10.2.0.8-37sv
version/sonicwall sma 400 firmware/10.2.1.1-19sv
canonical/sonicwall sma 400
canonical/sonicwall sma 500v firmware
version/sonicwall sma 500v firmware/9.0.0.11-31sv
version/sonicwall sma 500v firmware/10.2.0.8-37sv
version/sonicwall sma 500v firmware/10.2.1.1-19sv
canonical/sonicwall sma 500v