CVE-2021-20023
4.9MEDIUM
Key Information:
- Vendor
- Sonicwall
- Status
- Vendor
- CVE Published:
- 20 April 2021
Badges
π° RansomwareπΎ Exploit Existsπ£ EPSS 93%π¦
CISA Reported
Summary
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
Email Security 10.0.9 and earlier
References
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre DatabaseCISA Database