CVE-2021-20021 - Vulnerability Details

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Microsoft	Windows
Sonicwall	Email Security Email Security Appliance 3300 Email Security Appliance 3300 Firmware Email Security Appliance 4300 Email Security Appliance 4300 Firmware Email Security Appliance 5000 Email Security Appliance 5000 Firmware Email Security Appliance 5050 Email Security Appliance 5050 Firmware Email Security Appliance 7000 Email Security Appliance 7000 Firmware Email Security Appliance 7050 Email Security Appliance 7050 Firmware Email Security Appliance 8300 Email Security Appliance 8300 Firmware Email Security Appliance 9000 Email Security Appliance 9000 Firmware Email Security Virtual Appliance Hosted Email Security

Configuration 1 [-]

AND

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_3300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_4300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_8300:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:a:sonicwall:email_security_virtual_appliance::::::::
	cpe:2.3:a:sonicwall:hosted_email_security::::::::

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0007
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20021

History

Mon, 10 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 4300 Firmware Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 7000 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 8300 Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 9000 Firmware Sonicwall email Security Virtual Appliance
CPEs		cpe:2.3:a:sonicwall:email_security_virtual_appliance:::::::: cpe:2.3:h:sonicwall:email_security_appliance_3300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_4300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_5000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_5050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_7000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_7050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_8300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_9000:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware::::::::
Vendors & Products		Microsoft Microsoft windows Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 4300 Firmware Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 7000 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 8300 Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 9000 Firmware Sonicwall email Security Virtual Appliance

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20021

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20021

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20021

Thu, 06 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2021-04-09T17:50:14.000Z

Updated: 2025-10-21T23:25:49.537Z

Reserved: 2020-12-17T00:00:00.000Z

Link: CVE-2021-20021

Vulnrichment

Updated: 2024-08-03T17:30:07.089Z

NVD

Status : Analyzed

Published: 2021-04-09T18:15:13.380

Modified: 2025-11-10T19:04:58.607

Link: CVE-2021-20021

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object