CVE-2021-20022
Published 2021-04-09
CVE-2021-20022: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
Priority P184 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS: 16.51% (96.6th percentile)
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | email_security | < 10.0.9.6103 | 10.0.9.6103 |
| sonicwall | email_security | — | — |
| sonicwall | email_security | — | — |
| sonicwall | email_security_appliance_3300_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_4300_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_5000_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_5050_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_7000_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_7050_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_8300_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_appliance_9000_firmware | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | email_security_virtual_appliance | < 10.0.9.6105 | 10.0.9.6105 |
| sonicwall | hosted_email_security | < 10.0.9.6103 | 10.0.9.6103 |
Detection & IOCs (extracted from sources)
- CVE-2021-20022 is exploited as part of a three-CVE chain (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023) against SonicWall Email Security to achieve privilege escalation; detect chained exploitation attempts targeting this product.
- The vulnerability allows a post-authenticated attacker to upload an arbitrary file to the remote host on SonicWall Email Security version 10.0.9.x; monitor for unexpected file uploads by authenticated sessions on this product.
- CVE-2021-20021 (used in the same exploit chain) involves sending a crafted HTTP request to create an administrative account; monitor SonicWall Email Security for unauthorized admin account creation via anomalous HTTP requests.
- CVE-2021-20023 (used in the same exploit chain) is a path traversal allowing a post-authenticated attacker to read files on the remote host; monitor for path traversal patterns in requests to SonicWall Email Security.
- The vulnerability specifically affects SonicWall Email Security version 10.0.9.x only; detections should be scoped to this version range.
- Exploitation requires prior authentication (post-authenticated); unauthenticated access alone is insufficient to trigger CVE-2021-20022, but CVE-2021-20021 in the chain can be used to first create an admin account without credentials.
CVSS provenance
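| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |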
GHSA
GHSA-5f56-r8q7-xv26: SonicWall Email Security version 10
ghsa_unreviewed·2022-05-24
CVE-2021-20022 [HIGH] CWE-434 GHSA-5f56-r8q7-xv26: SonicWall Email Security version 10
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
VulnCheck
SonicWall Email Security Unrestricted Upload of File Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-20022 [CRITICAL] CWE-434 SonicWall Email Security Unrestricted Upload of File Vulnerability
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
Affected: SonicWall SonicWall Email Security
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise/; https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to
VulnCheck
SonicWall Email Security Improper Privilege Management Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-20021 [CRITICAL] CWE-306 SonicWall Email Security Improper Privilege Management Vulnerability
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Affected: SonicWall SonicWall Email Security
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise/; https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-ema
VulnCheck
SonicWall Email Security Path Traversal Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-20023 [CRITICAL] CWE-22 SonicWall Email Security Path Traversal Vulnerability
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
Affected: SonicWall SonicWall Email Security
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise/; https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html; https://www.mandiant.com/resourc
CISA
SonicWall Email Security Unrestricted Upload of File Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2021-20022 [CRITICAL] CWE-434 SonicWall Email Security Unrestricted Upload of File Vulnerability
Vulnerability: SonicWall Email Security Unrestricted Upload of File Vulnerability
Affected: SonicWall SonicWall Email Security
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-20022
Remediation Due Date: 2021-11-17
CISA
SonicWall Email Security Path Traversal Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2021-20023 [CRITICAL] CWE-22 SonicWall Email Security Path Traversal Vulnerability
Vulnerability: SonicWall Email Security Path Traversal Vulnerability
Affected: SonicWall SonicWall Email Security
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-20023
Remediation Due Date: 2021-11-17
CISA
SonicWall Email Security Improper Privilege Management Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2021-20021 [CRITICAL] CWE-306 SonicWall Email Security Improper Privilege Management Vulnerability
Vulnerability: SonicWall Email Security Improper Privilege Management Vulnerability
Affected: SonicWall SonicWall Email Security
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-20021
Remediation Due Date: 2021-11-17
SonicWall
CVE-2021-20022: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote
vendor_sonicwall·2021-04-09·CVSS 7.2
CVE-2021-20022 [HIGH] CWE-434 CVE-2021-20022: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote
CVE-2021-20022: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
No detection rules found.
No public exploits indexed.
2021-04-09: Published
2021-11-03: Added to CISA KEV
Exploited in the wild