MEDIUM🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-20023

CVSS 4.9v3.1pub. 2021-04-20upd. 2025-11-12

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Sonicwall Email Security

    APP
    Sonicwall
    < 10.0.9.6173
  • Sonicwall Email Security Appliance 3300

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 3300 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 4300

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 4300 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 5000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 5000 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 5050

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 5050 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 7000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 7000 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 7050

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 7050 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 8300

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 8300 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Appliance 9000

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Email Security Appliance 9000 Firmware

    OS
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Email Security Virtual Appliance

    APP
    Sonicwall
    < 10.0.9.6177
  • Sonicwall Hosted Email Security

    APP
    Sonicwall
    < 10.0.9.6173

CISA KEV — detailsi

Vendori
SonicWall
Producti
SonicWall Email Security
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 17 listopada 2021
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit