Lucene search
K

8 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.23 views

SonicWall Email Security Improper Privilege Management Vulnerability

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-200...

9.8CVSS7.2AI score0.83425EPSS
In wildExploits0
The Hacker News
The Hacker News
added 2021/04/21 5:7 a.m.157 views

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security ES product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidia...

9.8CVSS0.9AI score0.83425EPSS
Exploits0
Circl
Circl
added 2021/04/21 1:32 a.m.12 views

CVE-2021-20022

creationtimestamp| type| source ---|---|--- 2021-04-21 01:32:05+00:00| seen| https://t.me/cKure/4953 2021-04-21 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=572 2021-04-22 15:55:13+00:00| exploited| https://t.me/NeKaspersky/777 2021-11-08 08:58:19+00:00| seen|...

7.5CVSS7AI score0.16509EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEV
added 2021/04/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-20022

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and...

9.8CVSS7.1AI score0.83425EPSS
Exploits0References1
SonicWall
SonicWall
added 2021/04/09 10:3 p.m.13 views

SonicWall Email Security post-authentication arbitrary file creation vulnerability

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE: CVE-2021-20022 Last updated: April 9, 2021, 10:03 p.m...

6.7CVSS6.9AI score0.16509EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2021/04/09 5:50 p.m.13 views

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host...

7AI score0.16509EPSS
Exploits0References1
CVE
CVE
added 2021/04/09 5:50 p.m.1109 views

CVE-2021-20022

CVE-2021-20022 affects SonicWall Email Security versions 10.0.9.x and enables post-authenticated arbitrary file upload via the branding ZIP mechanism (Zip Slip style) to write files to the server. FireEye/Mandiant detail that lack of input validation allows an attacker to place a web shell in a w...

7.5CVSS8.1AI score0.16509EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/04/09 12:0 a.m.45 views

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Recent assessments: wvu-r7 at September 07, 2021 4:22am UTC reported: Super easy to exploit. See CVE-2021-20021 for the first part of the...

9.8CVSS8.2AI score0.83425EPSS
In wildExploits0References2
Rows per page
Query Builder