SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NMicrosoft Windows
OSMicrosoftwszystkie wersjeSonicwall Email Security
APPSonicwall< 10.0.9.6173Sonicwall Email Security Appliance 3300
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 3300 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 4300
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 4300 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 5000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 5000 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 5050
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 5050 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 7000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 7000 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 7050
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 7050 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 8300
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 8300 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Appliance 9000
HWSonicwallwszystkie wersjeSonicwall Email Security Appliance 9000 Firmware
OSSonicwall< 10.0.9.6177Sonicwall Email Security Virtual Appliance
APPSonicwall< 10.0.9.6177Sonicwall Hosted Email Security
APPSonicwall< 10.0.9.6173
CISA KEV — detailsi
- Vendori
- SonicWall ↗
- Producti
- SonicWall Email Security
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- November 17, 2021(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit