V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2021-20021
CVE
Critical KEVConfirmedExploit available

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafte…

CVSS
9.8
Critical
EPSS
0.83
p99
Published
2021-01-01
Updated
2021-11-03
Description

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Tags · CWE
KEVPre-auth
CWE-269
CAPEC-58
CAPEC-122
CAPEC-233
Affected products
Email_security_virtual_appliance < 10.0.9.6105Hosted_email_security < 10.0.9.6103
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2021-01-01
Published
2021-11-03
Added to KEV
2021-11-03
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.834 · p99
Known exploited (KEV)
Yes
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-122 · CWE-269
Known exploits — Сканер-ВС
CVE-2021-20021
github-poc · https://github.com/SUPRAAA-1337/CVE-2021-20021
Enterprise
Affected products
Microsoft
Windows
Sonicwall
Email SecurityHosted Email SecurityEmail Security Appliance 5000Email Security Appliance 5000 FirmwareEmail Security Appliance 5050Email Security Appliance 5050 FirmwareEmail Security Appliance 7000Email Security Appliance 7000 FirmwareEmail Security Appliance 7050Email Security Appliance 7050 Firmware+9
ProductVendorStatus
email_security*Exploited
email_security_appliance_3300_firmware*Exploited
email_security_appliance_4300_firmware*Exploited
email_security_appliance_5000_firmware*Exploited
email_security_appliance_5050_firmware*Exploited
email_security_appliance_7000_firmware*Exploited
email_security_appliance_7050_firmware*Exploited
email_security_appliance_8300_firmware*Exploited
email_security_appliance_9000_firmware*Exploited
email_security_virtual_appliance*Exploited
hosted_email_security*Exploited
Source databases
CVE
Related vulnerabilities
BDU:2021-02345BDU:2021-06256