CVE-2021-20023
Published: 20 April 2021
Summary
CVE-2021-20023 is a medium-severity Path Traversal (CWE-22) vulnerability in SonicWall Email Security. Its CVSS base score is 4.9 (Medium).
Operationally, it ranks in the top 1.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
SonicWall Email Security version 10.0.9.x is affected by a path traversal vulnerability tracked as CVE-2021-20023 and CWE-22. The flaw permits a post-authenticated attacker to read arbitrary files on the remote host. It carries a CVSS 3.1 base score of 4.9, reflecting network attack vector, low attack complexity, high privileges required, and high confidentiality impact with no integrity or availability effects.
An attacker who has already obtained administrative credentials can send specially crafted requests to the affected Email Security appliance and retrieve sensitive files stored on the system. Because the vulnerability requires authentication, it is primarily a risk to organizations whose management interfaces are reachable from untrusted networks or where credential compromise has already occurred.
The official SonicWall PSIRT advisory SNWLID-2021-0010 addresses the issue, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming that exploitation has been observed in the wild. Organizations should apply the patches or configuration changes recommended in the vendor advisory and restrict management access to trusted networks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7486
Vulnerability details
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
- CWE(s): CWE-22
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
AC-3 (Access Enforcement): Directly enforces authorized access to files and prevents the post-auth path traversal that allows arbitrary file reads.
SC-7 (Boundary Protection): Restricts network exposure of the management interface to trusted sources, blocking remote exploitation even with stolen credentials.
Requires timely application of vendor patches that eliminate the path traversal flaw in Email Security 10.0.9.x.