ID

VAR-202105-0586


CVE

CVE-2021-20025


TITLE

SonicWall Email Security Virtual Appliance Vulnerability in Using Hard Coded Credentials

Trust: 0.8

sources: JVNDB: JVNDB-2021-007422

DESCRIPTION

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier contain a default username and password that are used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely, but only when the device is freshly installed and not connected to Mysonicwall. SonicWall Email Security Virtual Appliance is vulnerable to the use of hard-coded credentials. Information may be obtained or tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. SonicWall Email Security Appliance is an email security protection device from SonicWall, a company in the United States.

Trust: 2.34

sources: NVD: CVE-2021-20025 // JVNDB: JVNDB-2021-007422 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377644 // VULMON: CVE-2021-20025

AFFECTED PRODUCTS

vendor: sonicwall, model: email security virtual appliance, scope: lte, version: 10.0.9

Trust: 1.0

vendor: sonicwall, model: email security virtual appliance, scope: lte, version: 10.0.9 and earlier

Trust: 0.8

vendor: sonicwall, model: email security virtual appliance, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007422 // NVD: CVE-2021-20025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20025
value: HIGH

Trust: 1.0

NVD: CVE-2021-20025
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-825
value: HIGH

Trust: 0.6

VULHUB: VHN-377644
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-20025
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-377644
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20025
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20025
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377644 // JVNDB: JVNDB-2021-007422 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-825 // NVD: CVE-2021-20025

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.1

problemtype: Using hardcoded credentials (CWE-798) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-377644 // JVNDB: JVNDB-2021-007422 // NVD: CVE-2021-20025

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-825

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: SNWLID-2021-0012, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0012

Trust: 0.8

title: SonicWall Email Security Appliance Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150468

Trust: 0.6

sources: JVNDB: JVNDB-2021-007422 // CNNVD: CNNVD-202105-825

EXTERNAL IDS

db: NVD, id: CVE-2021-20025

Trust: 3.4

db: JVNDB, id: JVNDB-2021-007422

Trust: 0.8

db: CNNVD, id: CNNVD-202105-825

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021051315

Trust: 0.6

db: VULHUB, id: VHN-377644

Trust: 0.1

db: VULMON, id: CVE-2021-20025

Trust: 0.1

sources: VULHUB: VHN-377644 // VULMON: CVE-2021-20025 // JVNDB: JVNDB-2021-007422 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-825 // NVD: CVE-2021-20025

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0012

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-20025

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021051315

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377644 // VULMON: CVE-2021-20025 // JVNDB: JVNDB-2021-007422 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-825 // NVD: CVE-2021-20025

SOURCES

db: VULHUB, id: VHN-377644
db: VULMON, id: CVE-2021-20025
db: JVNDB, id: JVNDB-2021-007422
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-825
db: NVD, id: CVE-2021-20025

LAST UPDATE DATE

2024-08-14T12:36:29.133000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377644, date: 2021-06-04T00:00:00
db: VULMON, id: CVE-2021-20025, date: 2021-05-13T00:00:00
db: JVNDB, id: JVNDB-2021-007422, date: 2022-02-10T08:57:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-825, date: 2021-06-07T00:00:00
db: NVD, id: CVE-2021-20025, date: 2021-06-04T18:01:16.577

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377644, date: 2021-05-13T00:00:00
db: VULMON, id: CVE-2021-20025, date: 2021-05-13T00:00:00
db: JVNDB, id: JVNDB-2021-007422, date: 2022-02-10T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-825, date: 2021-05-13T00:00:00
db: NVD, id: CVE-2021-20025, date: 2021-05-13T15:15:07.653