CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.85

EPSS Ranking 99.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

Ransomware Campaign

Known

References

Products affected by CVE-2021-20021

Sonicwall » Email Security » Version: N/A

cpe:2.3:a:sonicwall:email_security:-
Sonicwall » Email Security » Version: 10.0.9

cpe:2.3:a:sonicwall:email_security:10.0.9
Sonicwall » Hosted Email Security » Version: Any

cpe:2.3:a:sonicwall:hosted_email_security:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20021

Products

Pricing

Contact Us