CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.672

EPSS Ranking 98.4%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

Proposed Action

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

Ransomware Campaign

Known

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010

Products affected by CVE-2021-20023

Sonicwall » Email Security » Version: Any

cpe:2.3:a:sonicwall:email_security:*
Sonicwall » Hosted Email Security » Version: Any

cpe:2.3:a:sonicwall:hosted_email_security:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20023

Products

Pricing

Contact Us