CVE-2021-20023 - Vulnerability Details

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows
Sonicwall	Email Security Email Security Appliance 3300 Email Security Appliance 3300 Firmware Email Security Appliance 4300 Email Security Appliance 4300 Firmware Email Security Appliance 5000 Email Security Appliance 5000 Firmware Email Security Appliance 5050 Email Security Appliance 5050 Firmware Email Security Appliance 7000 Email Security Appliance 7000 Firmware Email Security Appliance 7050 Email Security Appliance 7050 Firmware Email Security Appliance 8300 Email Security Appliance 8300 Firmware Email Security Appliance 9000 Email Security Appliance 9000 Firmware Email Security Virtual Appliance Hosted Email Security

Configuration 1 [-]

AND

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_9000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_3300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_4300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_8300:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_5050:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:email_security_appliance_7050:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:a:sonicwall:email_security_virtual_appliance::::::::
	cpe:2.3:a:sonicwall:hosted_email_security::::::::

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0010
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023

History

Wed, 12 Nov 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 4300 Firmware Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 7000 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 8300 Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 9000 Firmware Sonicwall email Security Virtual Appliance
CPEs	cpe:2.3:a:sonicwall:email_security::::::email_security_virtual_appliance::* cpe:2.3:a:sonicwall:email_security::::::windows::*	cpe:2.3:a:sonicwall:email_security:::::::: cpe:2.3:a:sonicwall:email_security_virtual_appliance:::::::: cpe:2.3:h:sonicwall:email_security_appliance_3300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_4300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_5000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_5050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_7000:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_7050:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_8300:-:::::::* cpe:2.3:h:sonicwall:email_security_appliance_9000:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:sonicwall:email_security_appliance_3300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_4300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_5000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_5050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_7000_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_7050_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_8300_firmware:::::::: cpe:2.3:o:sonicwall:email_security_appliance_9000_firmware::::::::
Vendors & Products		Microsoft Microsoft windows Sonicwall email Security Appliance 3300 Sonicwall email Security Appliance 3300 Firmware Sonicwall email Security Appliance 4300 Sonicwall email Security Appliance 4300 Firmware Sonicwall email Security Appliance 5000 Sonicwall email Security Appliance 5000 Firmware Sonicwall email Security Appliance 5050 Sonicwall email Security Appliance 5050 Firmware Sonicwall email Security Appliance 7000 Sonicwall email Security Appliance 7000 Firmware Sonicwall email Security Appliance 7050 Sonicwall email Security Appliance 7050 Firmware Sonicwall email Security Appliance 8300 Sonicwall email Security Appliance 8300 Firmware Sonicwall email Security Appliance 9000 Sonicwall email Security Appliance 9000 Firmware Sonicwall email Security Virtual Appliance

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20023

Thu, 06 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2021-04-20T11:55:13.000Z

Updated: 2025-10-21T23:25:48.746Z

Reserved: 2020-12-17T00:00:00.000Z

Link: CVE-2021-20023

Vulnrichment

Updated: 2024-08-03T17:30:07.261Z

NVD

Status : Analyzed

Published: 2021-04-20T12:15:12.587

Modified: 2025-11-12T14:32:02.917

Link: CVE-2021-20023

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object