CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.603

EPSS Ranking 98.2%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

Proposed Action

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

Ransomware Campaign

Known

References

Products affected by CVE-2021-20023

Sonicwall » Email Security » Version: N/A

cpe:2.3:a:sonicwall:email_security:-
Sonicwall » Email Security » Version: 10.0.9

cpe:2.3:a:sonicwall:email_security:10.0.9
Sonicwall » Email Security Virtual Appliance » Version: N/A

cpe:2.3:a:sonicwall:email_security_virtual_appliance:-
Sonicwall » Email Security Virtual Appliance » Version: 10.0.5

cpe:2.3:a:sonicwall:email_security_virtual_appliance:10.0.5
Sonicwall » Email Security Virtual Appliance » Version: 10.0.7

cpe:2.3:a:sonicwall:email_security_virtual_appliance:10.0.7
Sonicwall » Email Security Virtual Appliance » Version: 10.0.9

cpe:2.3:a:sonicwall:email_security_virtual_appliance:10.0.9
Sonicwall » Email Security Virtual Appliance » Version: 9.0.6

cpe:2.3:a:sonicwall:email_security_virtual_appliance:9.0.6
Sonicwall » Hosted Email Security » Version: 10.0.9.6103

cpe:2.3:a:sonicwall:hosted_email_security:10.0.9.6103
Sonicwall » Email Security Appliance 3300 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_3300:-
Sonicwall » Email Security Appliance 4300 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_4300:-
Sonicwall » Email Security Appliance 5000 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_5000:-
Sonicwall » Email Security Appliance 5050 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_5050:-
Sonicwall » Email Security Appliance 7000 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_7000:-
Sonicwall » Email Security Appliance 7050 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_7050:-
Sonicwall » Email Security Appliance 8300 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_8300:-
Sonicwall » Email Security Appliance 9000 » Version: N/A

cpe:2.3:h:sonicwall:email_security_appliance_9000:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-
Sonicwall » Email Security Appliance 3300 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 4300 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 5000 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 5050 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 7000 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 7050 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 8300 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:10.0.9.6105
Sonicwall » Email Security Appliance 9000 Firmware » Version: 10.0.9.6105

cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:10.0.9.6105

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20023

Products

Pricing

Contact Us