CVE-2021-20021
SonicWall Email Security Improper Privilege Management Vulnerability
CVSS
—
Sin CVSS
EPSS
83.4%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
SonicWall / SonicWall Email Security
Vulnerabilidad
SonicWall Email Security Improper Privilege Management Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
17 nov 2021
Uso conocido en ransomware
Sí
Descripción resumida
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2021-20021