CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010	Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023	US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_3300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_4300:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_8300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*

Configuration 10 (hide)

OR	cpe:2.3:a:sonicwall:email_security_virtual_appliance::::::::
	cpe:2.3:a:sonicwall:hosted_email_security::::::::

History

12 Nov 2025, 14:32

Type	Values Removed	Values Added
First Time		Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 9000 Firmware Microsoft Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 8300 Sonicwall email Security Virtual Appliance Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 4300 Firmware Microsoft windows Sonicwall email Security Appliance 7000 Firmware
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023 - US Government Resource
CPE	cpe:2.3:a:sonicwall:email_security::::::windows::* cpe:2.3:a:sonicwall:email_security::::::email_security_virtual_appliance::*	cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:::::::: cpe:2.3:h:sonicwall:email_security_appliance_5000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_4300:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:::::::: cpe:2.3:h:sonicwall:email_security_appliance_7050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_9000:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:::::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_8300:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:::::::: cpe:2.3:a:sonicwall:email_security:::::::: cpe:2.3:h:sonicwall:email_security_appliance_3300:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:::::::: cpe:2.3:h:sonicwall:email_security_appliance_5050:-:::::::* cpe:2.3:a:sonicwall:email_security_virtual_appliance:::::::: cpe:2.3:h:sonicwall:email_security_appliance_7000:-:::::::*

22 Oct 2025, 00:17

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023 -

21 Oct 2025, 20:18

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:18

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023 -

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010 - Vendor Advisory~~	() https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010 - Vendor Advisory

Information

Published : 2021-04-20 12:15

Updated : 2025-11-12 14:32

NVD link : CVE-2021-20023

Mitre link : CVE-2021-20023

CVE.ORG link : CVE-2021-20023

JSON object : View

Products Affected

sonicwall

email_security_appliance_5050
email_security_appliance_5000
email_security_appliance_7000_firmware
email_security_appliance_5050_firmware
email_security_appliance_7050
email_security_appliance_4300_firmware
email_security_appliance_7000
email_security
email_security_appliance_5000_firmware
email_security_appliance_8300
email_security_appliance_9000_firmware
email_security_appliance_9000
hosted_email_security
email_security_appliance_3300_firmware
email_security_appliance_4300
email_security_appliance_7050_firmware
email_security_appliance_3300
email_security_appliance_8300_firmware
email_security_virtual_appliance

microsoft

windows

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.9 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-20023

4.9^/10

4.0^/10

Attach tags to `CVE-2021-20023`