4.9
CVE-2021-20023
- EPSS 58.89%
- Published 20.04.2021 12:15:12
- Last modified 14.03.2025 17:08:56
- Source PSIRT@sonicwall.com
- Teams watchlist Login
- Open Login
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
Data is provided by the National Vulnerability Database (NVD)
Sonicwall ≫ Email Security SwPlatformemail_security_virtual_appliance Version < 10.0.9.6173
Sonicwall ≫ Email Security SwPlatformwindows Version < 10.0.9.6173
Sonicwall ≫ Hosted Email Security Version < 10.0.9.6173
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
SonicWall Email Security Path Traversal Vulnerability
VulnerabilitySonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 58.89% | 0.981 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.