CVE-2021-20022 - Vulnerability Details

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Windows
Sonicwall	Email Security Email Security Appliance 3300 Email Security Appliance 3300 Firmware Email Security Appliance 4300 Email Security Appliance 4300 Firmware Email Security Appliance 5000 Email Security Appliance 5000 Firmware Email Security Appliance 5050 Email Security Appliance 5050 Firmware Email Security Appliance 7000 Email Security Appliance 7000 Firmware Email Security Appliance 7050 Email Security Appliance 7050 Firmware Email Security Appliance 8300 Email Security Appliance 8300 Firmware Email Security Appliance 9000 Email Security Appliance 9000 Firmware Email Security Virtual Appliance Hosted Email Security

Configuration 1 [-]

AND

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_3300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_4300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_8300:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:a:sonicwall:email_security_virtual_appliance::::::::
	cpe:2.3:a:sonicwall:hosted_email_security::::::::

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20022

History

Mon, 10 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 4300 Firmware Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 7000 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 8300 Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 9000 Firmware Sonicwall email Security Virtual Appliance
CPEs		cpe:2.3:a:sonicwall:email_security_virtual_appliance:::::::: cpe:2.3:h:sonicwall:email_security_appliance_3300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_4300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_5000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_5050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_7000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_7050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_8300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_9000:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware::::::::
Vendors & Products		Microsoft Microsoft windows Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 4300 Firmware Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 7000 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 8300 Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 9000 Firmware Sonicwall email Security Virtual Appliance
Metrics	cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}`	cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}`

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20022

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20022

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20022

Thu, 06 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2021-04-09T17:50:15.000Z

Updated: 2025-10-21T23:25:49.388Z

Reserved: 2020-12-17T00:00:00.000Z

Link: CVE-2021-20022

Vulnrichment

Updated: 2024-08-03T17:30:07.423Z

NVD

Status : Analyzed

Published: 2021-04-09T18:15:13.460

Modified: 2025-11-10T19:07:07.287

Link: CVE-2021-20022

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object