CVE-2021-20022

Name of the Vulnerable Software and Affected Versions SonicWall Email Security version 10.0.9.x SonicWall Hosted Email Security (affected versions not specified)

Description The issue is related to insufficient file checking during upload, allowing a remote attacker to gain unauthorized access to protected information by uploading a malicious ZIP archive. This can impact the confidentiality, integrity, and availability of the protected information. The vulnerability can be exploited by a post-authenticated attacker to upload an arbitrary file to the remote host.

Recommendations For SonicWall Email Security version 10.0.9.x, consider restricting file uploads until a patch is available. For SonicWall Hosted Email Security, at the moment, there is no information about a newer version that contains a fix for this vulnerability.