CVE-2021-20025

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sonicwallCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
sonicwallemail_security_virtual_appliance
𝑥
≤ 10.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0012
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0012