<div>SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup.</div><div> </div><div>An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device is freshly installed and not connected to Mysonicwall.<br></div><div> </div><div>A successful exploit could allow the attacker to log in to the appliance remotely with root privilege access over a local area network.</div>
CVE: CVE-2021-20025
Last updated: May 13, 2021, 2 p.m.