CVE-2021-20021

Summary

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Affected Software

VendorProductVersion RangeStatus
SonicWallEmail Security10.0.9 and earlieraffected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References