CVE-2021-20021
SonicWall Email Security Improper Privilege Management Vulnerability
CVSS
—
No CVSS
EPSS
83.4%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
Product
SonicWall / SonicWall Email Security
Vulnerability
SonicWall Email Security Improper Privilege Management Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
Nov 17, 2021
Known ransomware use
Yes
Summary description
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20021