SonicWall Email Security Virtual Appliance Static Credential Vulnerability

<div>SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup.</div><div>&nbsp;</div><div>An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device is freshly installed and not connected to Mysonicwall.<br></div><div>&nbsp;</div><div>A successful exploit could allow the attacker to log in to the appliance remotely with root privilege access over a local area network.</div>
CVE: CVE-2021-20025
Last updated: May 13, 2021, 2 p.m.

Original Article

Leave a Reply

Your email address will not be published. Required fields are marked *