Remote Access Vulnerability in SonicWall Email Security Virtual Appliance
CVE-2021-20025
7.8 HIGH
Key Information:
- Vendor: SonicWall
- CVE Published: 13 May 2021
Summary
SonicWall Email Security Virtual Appliance versions up to and including 10.0.9 are installed with a default username and password that is used during initial setup. An attacker can use this transitional user account to gain unauthorized remote access, provided the appliance is freshly installed and has not yet connected to MySonicWall. Mitigations include changing the default credentials and keeping the appliance network-isolated during setup.
Affected Version(s)
Email Security Virtual Appliance 10.0.9 and earlier
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved