

CVE-2021-20021

SonicWall Email Security Improper Privilege Management Vulnerability

CVSS 9.8 · CRITICAL · ⚠ CISA KEV — ACTIVELY EXPLOITED · RANSOMWARE
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2021-11-03. Federal remediation due 2021-11-17.
Required action: Apply updates per vendor instructions.

Summary

A vulnerability in SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

CVSS 3.1 breakdown

Base score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Weakness type (CWE)

Affected products

Sonicwall email security
Microsoft windows
Sonicwall email security appliance 9000 firmware
Sonicwall email security appliance 9000
Sonicwall email security appliance 3300 firmware
Sonicwall email security appliance 3300
Sonicwall email security appliance 4300 firmware
Sonicwall email security appliance 4300
Sonicwall email security appliance 8300 firmware
Sonicwall email security appliance 8300
Sonicwall email security appliance 5000 firmware
Sonicwall email security appliance 5000
Sonicwall email security appliance 7000 firmware
Sonicwall email security appliance 7000
Sonicwall email security appliance 5050 firmware
Sonicwall email security appliance 5050
Sonicwall email security appliance 7050 firmware
Sonicwall email security appliance 7050
Sonicwall email security virtual appliance
Sonicwall hosted email security

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-11-10. Always verify against the vendor advisory before acting.
