CVE-2021-20024

8.1 HIGH

📋 TL;DR

CVE-2021-20024 is an out-of-bounds read vulnerability in SonicWall Switch LLDP protocol handling that allows attackers to cause system instability or potentially read sensitive information from memory. This affects organizations using vulnerable SonicWall Switch devices. The vulnerability requires network access to the LLDP service.

💻 Affected Systems

Products:
  • SonicWall Switch
Versions: Specific versions not detailed in provided references; check SonicWall advisory for exact affected versions
Operating Systems: SonicOS (SonicWall proprietary)
Default Config Vulnerable: ⚠️ Yes
Notes: LLDP (Link Layer Discovery Protocol) is typically enabled by default for network discovery and management.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive memory contents including credentials, configuration data, or cryptographic keys, leading to complete system compromise and lateral movement within the network.

🟠 Likely Case

System instability, crashes, or denial of service affecting network switch functionality, potentially disrupting network operations.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized access to LLDP services.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted LLDP packets to vulnerable switches. No public exploit code was found in initial research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SonicWall advisory for specific patched firmware versions

Vendor Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011

Restart Required: Yes

Instructions:

1. Log into the SonicWall Switch management interface.
2. Check the current firmware version.
3. Download the latest firmware from the SonicWall support portal.
4. Upload and apply the firmware update.
5. Reboot the switch to complete the installation.

🔧 Temporary Workarounds

Disable LLDP Protocol

Applies to: all

Disable the LLDP protocol on affected switches so that the vulnerable packet handling is never reached. Note that this also removes the neighbor discovery that LLDP provides for network management (see Notes above). The commands below use IOS-style syntax; confirm the equivalent commands against the SonicWall Switch CLI reference before applying them.

  configure terminal
  no lldp run
  end
  write memory

Network Segmentation

Applies to: all

Restrict access to switch management interfaces using ACLs or firewall rules. Because LLDP frames are link-local (sent to a reserved multicast MAC address and not forwarded by routers), also restrict which devices can attach to the switch's ports: only hosts on a directly connected segment can deliver LLDP frames to the switch.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with switch LLDP services
  • Monitor network traffic for anomalous LLDP packets and implement intrusion detection rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version against SonicWall advisory and verify LLDP is enabled

Check Version:

show version (in SonicWall Switch CLI)

Verify Fix Applied:

Verify firmware version is updated to patched version and test LLDP functionality

📡 Detection & Monitoring

Log Indicators:

  • Switch crash logs
  • LLDP protocol errors
  • Memory access violations

Network Indicators:

  • Unusual LLDP packet patterns
  • Malformed LLDP packets to switch management interfaces
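The "malformed LLDP packets" indicator above can be turned into a concrete check. The validator below is an added example, not code from the page or from SonicWall: it walks the TLVs of a captured LLDP Ethernet frame according to IEEE 802.1AB (2-byte TLV header with a 7-bit type and 9-bit length; mandatory Chassis ID, Port ID and TTL TLVs; End TLV last) and reports any TLV whose declared length overruns the frame, which is the kind of structural defect that can drive an out-of-bounds read in a parser. The sample frames are constructed for the example; the source MAC and interface name are arbitrary.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
LLDP_MCAST = bytes.fromhex("0180c200000e")   # 802.1AB nearest-bridge address
CHASSIS_ID, PORT_ID, TTL, END = 1, 2, 3, 0

def validate_lldp_frame(frame: bytes):
    """Return (tlvs, findings); a non-empty findings list means the frame is malformed."""
    findings = []
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        return [], ["not an LLDP frame"]
    if frame[:6] != LLDP_MCAST:
        findings.append("non-standard destination MAC")
    payload, off, tlvs = frame[14:], 0, []
    while off < len(payload):
        if off + 2 > len(payload):
            findings.append(f"truncated TLV header at offset {off}")
            break
        hdr = struct.unpack("!H", payload[off:off + 2])[0]
        ttype, tlen = hdr >> 9, hdr & 0x1FF          # 7-bit type, 9-bit length
        if off + 2 + tlen > len(payload):             # declared length overruns the buffer
            findings.append(f"TLV type {ttype} declares {tlen} bytes, only {len(payload) - off - 2} remain")
            break
        tlvs.append((ttype, payload[off + 2:off + 2 + tlen]))
        off += 2 + tlen
        if ttype == END:
            if tlen:
                findings.append("End TLV with non-zero length")
            if off != len(payload):
                findings.append("trailing bytes after End TLV")
            break
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        findings.append("mandatory TLVs missing or out of order")
    if not tlvs or tlvs[-1][0] != END:
        findings.append("missing End of LLDPDU TLV")
    for ttype, value in tlvs:
        if ttype in (CHASSIS_ID, PORT_ID) and len(value) < 2:   # subtype byte + at least 1 byte of ID
            findings.append(f"TLV type {ttype} shorter than subtype + 1 byte")
        if ttype == TTL and len(value) != 2:
            findings.append("TTL TLV length is not 2")
    return tlvs, findings

def tlv(ttype: int, value: bytes) -> bytes:
    """Encode one TLV (helper for building the constructed samples)."""
    return struct.pack("!H", (ttype << 9) | (len(value) & 0x1FF)) + value

def ethernet(lldpdu: bytes, src: bytes = bytes.fromhex("001122334455")) -> bytes:
    return LLDP_MCAST + src + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu

MANDATORY = tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("001122334455")) + tlv(PORT_ID, b"\x05ge1") + tlv(TTL, struct.pack("!H", 120))
GOOD_FRAME = ethernet(MANDATORY + tlv(5, b"sw1") + tlv(END, b""))          # constructed, well-formed
TRUNCATED_FRAME = ethernet(MANDATORY + struct.pack("!H", (5 << 9) | 200) + b"sw1")   # constructed: System Name TLV claims 200 bytes, carries 3

if __name__ == "__main__":
    for name, f in (("good", GOOD_FRAME), ("truncated", TRUNCATED_FRAME)):
        print(name, validate_lldp_frame(f)[1])
```

Feed it frames filtered on ethertype 0x88CC from a capture on the switch-facing segment and alert on any non-empty findings list.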

SIEM Query:

source="sonicwall-switch" AND (event_type="crash" OR (protocol="lldp" AND status="error"))
