CVE-2021-20022
SonicWall Email Security Unrestricted Upload of File Vulnerability
CVSS
—
No CVSS
EPSS
16.5%
p97
KEV
YES
Nov 3, 2021
Exploit Today
79
0-100
Published: — · Last modified: —
Product
SonicWall / SonicWall Email Security
Vulnerability
SonicWall Email Security Unrestricted Upload of File Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
Nov 17, 2021
Known ransomware use
Yes
Summary description
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20022