CVE-2021-20021: SonicWall Email Security Improper Privilege Management
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability is known to have been used in a SonicWall Email Security exploit chain, together with CVE-2021-20022 and CVE-2021-20023, to achieve privilege escalation.
- CISA KEV-listed (remediation due 2021-11-17)
- used in ransomware campaigns
- EPSS 91.2% (99.7th percentile)