PT-2021-2800 · Sonicwall · Sonicwall Email Security

Published

2021-04-09

Updated

2025-11-21

CVE-2021-20021

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SonicWall Email Security version 10.0.9.x

Description The issue is related to improper privilege management in SonicWall Email Security, allowing a remote attacker to create an administrative account by sending a crafted HTTP request. This can impact the confidentiality, integrity, and availability of protected information.

Recommendations For SonicWall Email Security version 10.0.9.x, consider restricting access to administrative account creation functionality until a patch is available. As a temporary workaround, consider disabling remote HTTP request handling for administrative account creation until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2021-02345

BDU:2021-06256

CVE-2021-20021

Affected Products

Sonicwall Email Security

PT-2021-2800 · Sonicwall · Sonicwall Email Security

CVE-2021-20021

Weakness Enumeration

Related Identifiers

Affected Products

References · 14