PT-2021-2764 · Sonicwall · Sonicwall Email Security

Published: 2021-04-20 · Updated: 2025-11-12 · CVE-2021-20023

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SonicWall Email Security version 10.0.9.x
Description: The issue is an improper restriction of a pathname to a restricted directory (path traversal). It allows a remote attacker to gain unauthorized access to protected information: specifically, an authenticated attacker can read an arbitrary file on the remote host.
Recommendations: For SonicWall Email Security version 10.0.9.x, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2021-02307
BDU:2021-06227
CVE-2021-20023

Affected Products

Sonicwall Email Security