chore: add CVE-2021-20021 template for SonicWall Email Security vulne…

Template / PR Information

Added CVE-2021-20021 - SonicWall Email Security Broken Access Control (Critical)
This template detects a critical vulnerability in SonicWall Email Security 10.0.9.x that allows unauthenticated attackers to create administrative accounts by sending crafted HTTP requests to the /createou endpoint without authentication.
References:

Template Validation

I’ve validated this template locally?

Additional Details (leave it blank if not applicable)

Shodan Query: "SonicWall Email Security"

Template Testing Results:

[CVE-2021-20021] [http] [critical] http://localhost:8888/createou?data=test123
[CVE-2021-20021] [http] [critical] http://localhost:8888/createou [POST]
Scan completed in 5.228255ms. 5 matches found.

HTTP Response Snippet:

GET /createou?data=test123 HTTP/1.1
→ HTTP/1.0 400 Bad Request
→ Error in parsing request - SonicWall Email Security

POST /createou HTTP/1.1
→ HTTP/1.0 400 Bad Request  
→ Error in parsing request

Screenshot from 2025-06-28 23-32-10

Screenshot from 2025-06-28 23-32-59

Mock Server Used for Testing:

Created Python mock server simulating vulnerable SonicWall Email Security
Server responds with “Error in parsing request” for /createou endpoint
Template successfully detects vulnerability signature
Gist: https://gist.github.com/MAVRICK-1/49914b3391fbe17a9af372fef8cc45e7

Vulnerability Impact:

CVSS Score: 9.8 (Critical)
KEV Status: Active exploitation in the wild
Allows creation of administrative accounts without authentication

Additional References:

Closes #12461

/claim #12461

Template / PR Information

Template Validation

Additional Details (leave it blank if not applicable)

Additional References:

Claim

Contributors

Sponsors