Vulnerability Description
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Email Security | < 10.0.9.6103 |
| Microsoft | Windows | - |
| Sonicwall | Email Security Appliance 9000 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 9000 | - |
| Sonicwall | Email Security Appliance 3300 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 3300 | - |
| Sonicwall | Email Security Appliance 4300 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 4300 | - |
| Sonicwall | Email Security Appliance 8300 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 8300 | - |
| Sonicwall | Email Security Appliance 5000 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 5000 | - |
| Sonicwall | Email Security Appliance 7000 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 7000 | - |
| Sonicwall | Email Security Appliance 5050 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 5050 | - |
| Sonicwall | Email Security Appliance 7050 Firmware | < 10.0.9.6105 |
| Sonicwall | Email Security Appliance 7050 | - |
| Sonicwall | Email Security Virtual Appliance | < 10.0.9.6105 |
| Sonicwall | Hosted Email Security | < 10.0.9.6103 |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-20022?
CVE-2021-20022 is a vulnerability with a CVSS score of 7.2 (HIGH). SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
How severe is CVE-2021-20022?
CVE-2021-20022 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20022?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Email Security, Microsoft Windows, Sonicwall Email Security Appliance 9000 Firmware, Sonicwall Email Security Appliance 9000, Sonicwall Email Security Appliance 3300 Firmware.