SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
[
{
"product": "Email Security Virtual Appliance",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.0.9 and earlier"
}
]
}
]