Remote Access Vulnerability in SonicWall Email Security Virtual Appliance
CVE-2021-20025
Key Information:
- Vendor: SonicWall
- CVE Published: 13 May 2021
What is CVE-2021-20025?
SonicWall Email Security Virtual Appliance versions up to 10.0.9 are vulnerable because a default username and password are set during initial setup. An attacker can use this transitional user account to gain unauthorized remote access, provided the appliance is freshly installed and has not yet connected to MySonicWall. Security measures should include changing the default credentials and ensuring proper network isolation during setup.

Affected Version(s)
Email Security Virtual Appliance 10.0.9 and earlier