CVE-2021-20025
7.8HIGH
Key Information
- Vendor
- Sonicwall
- Status
- Email Security Virtual Appliance
- Vendor
- CVE Published:
- 13 May 2021
Summary
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
Affected Version(s)
Email Security Virtual Appliance = 10.0.9 and earlier
Refferences
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database