CVE-2021-20021 · CISA KEV · EPSS p99.6%

CVE-2021-20021: SonicWall Email Security Improper Privilege Management Vulnerability

SonicWall / SonicWall Email Security

Description

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

Scoring

EPSS: 83.43% probability of exploitation · percentile 99.6% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming) 1

Type | Target | Confidence | Tier
KEVEntry | SonicWall Email Security Improper Privilege Management Vulnerability (kev-cve-2021-20021) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · SonicWall Email Security Unrestricted Upload of File Vulnerability
CVE · SonicWall Email Security Path Traversal Vulnerability
CVE · SonicWall SSLVPN SMA100 SQL Injection Vulnerability
CVE · SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
CVE · SonicWall SMA100 Appliances OS Command Injection Vulnerability
CVE · SonicWall SMA1000 Missing Authorization Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.