← back
CVE-2021-20022

CVE-2021-20022

CVSS 7.2 HIGHEPSS 16.5%● KEVCWE-434
In short

A flaw in SonicWall Email Security 10.0.9.x allows an authenticated user to upload any file to the server, potentially installing malware or gaining control of the system.

Technical detail

Post-authentication arbitrary file upload vulnerability in SonicWall Email Security 10.0.9.x due to insufficient file validation. An authenticated attacker can exploit this to upload malicious files (CWE-434), leading to remote code execution or system compromise.

Summary generated and translated by AI from the official description.
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
SonicWall · Email Security

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20022