CVE-2021-20023

CVSS 4.9 MEDIUM | EPSS 51.4% | KEV | CWE-22

In short

SonicWall Email Security versions 10.0.9.x contain a flaw that allows someone already logged into the system to read any file on the server. This is dangerous because attackers with access can steal sensitive configuration files or data.

Technical detail

Path traversal vulnerability (CWE-22) in SonicWall Email Security 10.0.9.x enables post-authenticated arbitrary file read via improper input validation. An attacker with valid credentials can bypass directory restrictions and access unauthorized files on the host system, potentially exposing sensitive configuration data or credentials.

Summary generated and translated by AI from the official description.
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
