CVE-2021-20023
Severity: MEDIUM | KEV | RANSOMWARE
SonicWall Email Security < 10.0.9.6173 - Authenticated Arbitrary File Read via Path Traversal
Title source: llm
Exploitation Summary
CVE-2021-20023 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
Description
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023
Scores
CVSS v3
4.9
EPSS
0.5538
EPSS Percentile
98.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-04-20
InTheWild.io
2021-04-20
ENISA EUVD
EUVD-2021-7486
Ransomware Use
Confirmed
CWE
CWE-22
Status
published
Products (11)
sonicwall/email_security
< 10.0.9.6173
sonicwall/email_security_appliance_3300_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_4300_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_5000_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_5050_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_7000_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_7050_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_8300_firmware
< 10.0.9.6177
sonicwall/email_security_appliance_9000_firmware
< 10.0.9.6177
sonicwall/email_security_virtual_appliance
< 10.0.9.6177
... and 1 more
Published
Apr 20, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026