CVE-2021-20021
In short
A flaw in SonicWall Email Security lets attackers create admin accounts by sending specially crafted requests to the server. This is critical because an attacker gains full control of the email security system without needing existing credentials.
Technical detail
An improper access control vulnerability (CWE-269) in SonicWall Email Security 10.0.9.x permits unauthenticated attackers to create administrative accounts via crafted HTTP requests. No authentication or special preconditions are required, resulting in complete compromise of the email security gateway.
Summary generated and translated by AI from the official description.
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SonicWall · Email Security
Public PoCs found: 1
github.com/SUPRAAA-1337/CVE-2021-20021 (★ 2)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.