CVE-2021-20025
N/A
N/A
Summary
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SonicWall | Email Security Virtual Appliance | 10.0.9 and earlier | affected |
Weaknesses
- CWE-798: CWE-798: Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.