7.8
CVE-2021-20025
- EPSS 0.02%
- Published 13.05.2021 15:15:07
- Last modified 21.11.2024 05:45:48
- Source PSIRT@sonicwall.com
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
Data provided by the National Vulnerability Database (NVD)
Sonicwall ≫ Email Security Virtual Appliance Version <= 10.0.9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.05 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.9 | 3.4 | 10 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.