CVE-2021-20023
SonicWall Email Security Path Traversal Vulnerability
CVSS
—
No CVSS
EPSS
51.4%
p99
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
51.4%EPSS · 30 days51.4%
2026-06-302026-07-16
Product
SonicWall / SonicWall Email Security
Vulnerability
SonicWall Email Security Path Traversal Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
Nov 17, 2021
Known ransomware use
Yes
Summary description
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20023