CVE-2021-20023

Published Apr 20, 2021

Last updated 4 months ago

Exploit knownCVSS medium 4.9
Sonicwall

Overview

Description
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
Source
PSIRT@sonicwall.com
NVD status
Analyzed
Products
email_security, email_security_appliance_9000_firmware, email_security_appliance_3300_firmware, email_security_appliance_4300_firmware, email_security_appliance_8300_firmware, email_security_appliance_5000_firmware, email_security_appliance_7000_firmware, email_security_appliance_5050_firmware, email_security_appliance_7050_firmware, email_security_virtual_appliance, hosted_email_security

Risk scores

CVSS 3.1

Type
Primary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4
Impact score
2.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:N/A:N

Known exploits

Data from CISA

Vulnerability name
SonicWall Email Security Path Traversal Vulnerability
Exploit added on
Nov 3, 2021
Exploit action due
Nov 17, 2021
Required action
Apply updates per vendor instructions.

Weaknesses

PSIRT@sonicwall.com
CWE-22
nvd@nist.gov
CWE-22

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. SonicWall SMA1000 Missing Authorization VulnerabilityCVE-2025-40602
  2. A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.CVE-2025-40605
  3. A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.CVE-2025-40601
  4. Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.CVE-2025-40604
  5. SonicWall SMA1000 Appliances Deserialization VulnerabilityCVE-2025-23006

References

Sources include official advisories and independent security research.