Sonicwall: >> Email Security Virtual Appliance >> 10.0.9 Security Vulnerabilities
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-05-13
CVE-2021-20023
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
Known exploited
CVSS Score
4.9
EPSS Score
0.542
Published
2021-04-20
CVE-2021-20021
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
Known exploited
CVSS Score
9.8
EPSS Score
0.907
Published
2021-04-09
CVE-2021-20022
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
Known exploited
CVSS Score
7.2
EPSS Score
0.326
Published
2021-04-09