Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Back to KEV List

SonicWall Email Security Improper Privilege Management Vulnerability

Added Nov. 3, 2021 Due Nov. 17, 2021 CVE-2021-20021
Overdue SonicWall / SonicWall Email Security Known Ransomware Use CWE-306

Description

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

Required Action

Apply updates per vendor instructions.

References

Additional Information

Catalog Version
2025.01.24
Catalog Released
Jan. 24, 2025
Days Until Due
0 days
Last Updated
6 months, 4 weeks ago