CVE-2021-20022

HIGH KEV RANSOMWARE

SonicWall Email Security < 10.0.9.6103 - Authenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

CVE-2021-20022 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.

Description

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20022

Scores

CVSS v3 7.2

EPSS 0.3260

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-04-20

InTheWild.io 2021-04-20

ENISA EUVD EUVD-2021-7485

Ransomware Use Confirmed

CWE

CWE-434

Status published

Products (11)

sonicwall/email_security < 10.0.9.6103

sonicwall/email_security_appliance_3300_firmware < 10.0.9.6105

sonicwall/email_security_appliance_4300_firmware < 10.0.9.6105

sonicwall/email_security_appliance_5000_firmware < 10.0.9.6105

sonicwall/email_security_appliance_5050_firmware < 10.0.9.6105

sonicwall/email_security_appliance_7000_firmware < 10.0.9.6105

sonicwall/email_security_appliance_7050_firmware < 10.0.9.6105

sonicwall/email_security_appliance_8300_firmware < 10.0.9.6105

sonicwall/email_security_appliance_9000_firmware < 10.0.9.6105

sonicwall/email_security_virtual_appliance < 10.0.9.6105

... and 1 more

Published Apr 09, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026