CVE-2021-20022 is a high severity vulnerability with a CVSS score of 7.2. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
High probability of exploitation in the next 30 days
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
| Vendor | Product |
|---|---|
| Sonicwall | Email Security Appliance 5000 |
| Sonicwall | Email Security Appliance 7050 Firmware |
| Sonicwall | Email Security Appliance 8300 Firmware |
| Sonicwall | Email Security Appliance 8300 |
| Sonicwall | Email Security Appliance 3300 Firmware |
| Sonicwall | Email Security Appliance 4300 Firmware |
| Sonicwall | Email Security Appliance 5000 Firmware |
| Sonicwall | Email Security Appliance 5050 Firmware |
| Sonicwall | Email Security Appliance 7000 |
| Sonicwall | Email Security Appliance 3300 |
And 10 more...