Vulnerability Details CVE-2021-20025
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
Products affected by CVE-2021-20025
-
cpe:2.3:a:sonicwall:email_security_virtual_appliance:-
-
cpe:2.3:a:sonicwall:email_security_virtual_appliance:10.0.5
-
cpe:2.3:a:sonicwall:email_security_virtual_appliance:10.0.7
-
cpe:2.3:a:sonicwall:email_security_virtual_appliance:10.0.9
-
cpe:2.3:a:sonicwall:email_security_virtual_appliance:9.0.6