CVE-2021-20025

Summary

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.

Affected Software

VendorProductVersion RangeStatus
SonicWallEmail Security Virtual Appliance10.0.9 and earlieraffected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References