ID

VAR-202104-0756


CVE

CVE-2021-20022


TITLE

Unrestricted File Upload Vulnerability in SonicWall Email Security

Trust: 0.8

sources: JVNDB: JVNDB-2021-005324

DESCRIPTION

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. SonicWall Email Security is vulnerable to unrestricted upload of files of dangerous types. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. SonicWall Email Security Appliance is an email security protection device from SonicWall, a company in the United States.

Trust: 2.34

sources: NVD: CVE-2021-20022 // JVNDB: JVNDB-2021-005324 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377641 // VULMON: CVE-2021-20022

AFFECTED PRODUCTS

vendor: sonicwall, model: hosted email security, scope: lt, version: 10.0.9.6103

Trust: 1.0

vendor: sonicwall, model: email security, scope: lt, version: 10.0.9.6103

Trust: 1.0

vendor: sonicwall, model: e-mail security, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: hosted e-mail security, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005324 // NVD: CVE-2021-20022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20022
value: HIGH

Trust: 1.0

NVD: CVE-2021-20022
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-593
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-377641
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-20022
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-20022
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377641
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-20022
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20022
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377641 // VULMON: CVE-2021-20022 // JVNDB: JVNDB-2021-005324 // CNNVD: CNNVD-202104-593 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20022

PROBLEMTYPE DATA

problemtype: CWE-434

Trust: 1.1

problemtype: Unrestricted upload of file with dangerous type (CWE-434) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-377641 // JVNDB: JVNDB-2021-005324 // NVD: CVE-2021-20022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-593

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-593

PATCH

title: SNWLID-2021-0008, url: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0008

Trust: 0.8

title: SonicWall Email Security fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147334

Trust: 0.6

sources: JVNDB: JVNDB-2021-005324 // CNNVD: CNNVD-202104-593

EXTERNAL IDS

db: NVD, id: CVE-2021-20022

Trust: 3.4

db: JVNDB, id: JVNDB-2021-005324

Trust: 0.8

db: CS-HELP, id: SB2021041210

Trust: 0.6

db: CNNVD, id: CNNVD-202104-593

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-377641

Trust: 0.1

db: VULMON, id: CVE-2021-20022

Trust: 0.1

sources: VULHUB: VHN-377641 // VULMON: CVE-2021-20022 // JVNDB: JVNDB-2021-005324 // CNNVD: CNNVD-202104-593 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20022

REFERENCES

url: https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0008

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-20022

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021041210

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/434.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377641 // VULMON: CVE-2021-20022 // JVNDB: JVNDB-2021-005324 // CNNVD: CNNVD-202104-593 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20022

SOURCES

db: VULHUB, id: VHN-377641
db: VULMON, id: CVE-2021-20022
db: JVNDB, id: JVNDB-2021-005324
db: CNNVD, id: CNNVD-202104-593
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-20022

LAST UPDATE DATE

2024-08-14T12:42:11.864000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377641, date: 2021-04-14T00:00:00
db: VULMON, id: CVE-2021-20022, date: 2021-04-14T00:00:00
db: JVNDB, id: JVNDB-2021-005324, date: 2021-12-13T01:24:00
db: CNNVD, id: CNNVD-202104-593, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-20022, date: 2021-04-14T15:27:21.783

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377641, date: 2021-04-09T00:00:00
db: VULMON, id: CVE-2021-20022, date: 2021-04-09T00:00:00
db: JVNDB, id: JVNDB-2021-005324, date: 2021-12-13T00:00:00
db: CNNVD, id: CNNVD-202104-593, date: 2021-04-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-20022, date: 2021-04-09T18:15:13.460