cbcvebase.

Sonicwall Email Security Appliance 5000 Firmware vulnerabilities

5 known vulnerabilities affecting sonicwall/email_security_appliance_5000_firmware.

Total CVEs
5
CISA KEV
3
actively exploited
Public exploits
1
Exploited in wild
3
Severity breakdown
CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-20021P1CRITICALCVSS 9.8KEVPoCRansomwarefixed in 10.0.9.61052021-04-09
CVE-2021-20021 [CRITICAL] CWE-269 CVE-2021-20021: A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an adm A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
nvd
CVE-2021-20023P1MEDIUMCVSS 4.9KEVRansomwarefixed in 10.0.9.61772021-04-20
CVE-2021-20023 [MEDIUM] CWE-22 CVE-2021-20023: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
nvd
CVE-2021-20022P1HIGHCVSS 7.2KEVRansomwarefixed in 10.0.9.61052021-04-09
CVE-2021-20022 [HIGH] CWE-434 CVE-2021-20022: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
nvd
CVE-2025-40604P2CRITICALCVSS 9.8≤ 10.0.33.81952025-11-20
CVE-2025-40604 [CRITICAL] CWE-494 CVE-2025-40604: Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loa Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
nvd
CVE-2025-40605P4MEDIUMCVSS 5.3≤ 10.0.33.81952025-11-20
CVE-2025-40605 [MEDIUM] CWE-23 CVE-2025-40605: A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacke A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.
nvd
Sonicwall Email Security Appliance 5000 Firmware vulnerabilities | cvebase