CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 17, 2020
Published Date: April 20, 2021
Last Updated: October 21, 2025
Vendor: SonicWall
Product: Email Security
Description: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
Tags

CVSS Scores

CVSS v3.1

4.9 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

4.0

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

December 17, 2020
CVE Published to Public

April 20, 2021
Exploit Used in Malware

November 03, 2021
Added to KEVIntel

November 03, 2021
Added to KEVIntel

November 03, 2021