ID

VAR-202104-0755


CVE

CVE-2021-20021


TITLE

SonicWall Email Security vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-005325

DESCRIPTION

A vulnerability in SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. SonicWall Email Security contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. SonicWall Email Security Appliance is an email security protection device from SonicWall, a company in the United States.

Trust: 2.34

sources: NVD: CVE-2021-20021 // JVNDB: JVNDB-2021-005325 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377640 // VULMON: CVE-2021-20021

AFFECTED PRODUCTS

vendor: sonicwall, model: hosted email security, scope: lt, version: 10.0.9.6103

Trust: 1.0

vendor: sonicwall, model: email security, scope: lt, version: 10.0.9.6103

Trust: 1.0

vendor: sonicwall, model: e-mail security, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: hosted e-mail security, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005325 // NVD: CVE-2021-20021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20021
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20021
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-594
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-377640
value: HIGH

Trust: 0.1

VULMON: CVE-2021-20021
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20021
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377640
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377640 // VULMON: CVE-2021-20021 // JVNDB: JVNDB-2021-005325 // CNNVD: CNNVD-202104-594 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20021

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.1

problemtype: Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-377640 // JVNDB: JVNDB-2021-005325 // NVD: CVE-2021-20021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-594

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-594 // CNNVD: CNNVD-202104-975

PATCH

title: SNWLID-2021-0007, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007

Trust: 0.8

title: SonicWall Email Security Appliance Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147335

Trust: 0.6

sources: JVNDB: JVNDB-2021-005325 // CNNVD: CNNVD-202104-594

EXTERNAL IDS

db: NVD, id: CVE-2021-20021

Trust: 3.4

db: JVNDB, id: JVNDB-2021-005325

Trust: 0.8

db: CS-HELP, id: SB2021041210

Trust: 0.6

db: CNNVD, id: CNNVD-202104-594

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-377640

Trust: 0.1

db: VULMON, id: CVE-2021-20021

Trust: 0.1

sources: VULHUB: VHN-377640 // VULMON: CVE-2021-20021 // JVNDB: JVNDB-2021-005325 // CNNVD: CNNVD-202104-594 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20021

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0007

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-20021

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021041210

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377640 // VULMON: CVE-2021-20021 // JVNDB: JVNDB-2021-005325 // CNNVD: CNNVD-202104-594 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20021

SOURCES

db: VULHUB, id: VHN-377640
db: VULMON, id: CVE-2021-20021
db: JVNDB, id: JVNDB-2021-005325
db: CNNVD, id: CNNVD-202104-594
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-20021

LAST UPDATE DATE

2024-08-14T12:41:48.655000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377640, date: 2021-04-14T00:00:00
db: VULMON, id: CVE-2021-20021, date: 2021-04-14T00:00:00
db: JVNDB, id: JVNDB-2021-005325, date: 2021-12-13T01:34:00
db: CNNVD, id: CNNVD-202104-594, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-20021, date: 2021-04-14T16:04:00.587

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377640, date: 2021-04-09T00:00:00
db: VULMON, id: CVE-2021-20021, date: 2021-04-09T00:00:00
db: JVNDB, id: JVNDB-2021-005325, date: 2021-12-13T00:00:00
db: CNNVD, id: CNNVD-202104-594, date: 2021-04-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-20021, date: 2021-04-09T18:15:13.380