Users of SonicWall Email Security are being urged to patch a series of three critical vulnerabilities that were first identified almost a fortnight ago but are likely to have been exploited in the wild since March and are only now beginning to be publicized, leading to questions for the firm. The three vulnerabilities have been assigned CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023 and exist in various SonicWall Email Security products. The vulnerabilities also exist in some versions of the product that have reached end-of-life and are no […] – for legacy users, SonicWall is urging a complete upgrade.
CVE-2021-20021 is a pre-authentication admin account creation vulnerability that could enable an attacker to create an admin account by sending a specially crafted HTTP request to the remote host.
CVE-2021-20022 is a post-authentication arbitrary file creation vulnerability whereby a post-authenticated.
CVE-2021-20023 is a post-authentication arbitrary file read vulnerability whereby an attacker could read an arbitrary file from the remote host.
SonicWall said: “Through the standard collaboration and testing, SonicWall has verified, tested, and published patches to mitigate three zero-day vulnerabilities to its hosted and on-premise email security products.
“In at least one […], these vulnerabilities have been observed to be exploited ‘in the wild’. It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances, or software installation on […] Server immediately upgrade.”
FireEye Mandiant researchers first discovered the three vulnerabilities during an incident response engagement. Mandiant said the attacker had “intimate” knowledge of the […] to install a backdoor, access their victim’s files and emails, and move laterally into their network.
In this incident, the vulnerabilities were chained to obtain admin rights and code execution capabilities on an on-premise SonicWall Email Security device. Meanwhile, SonicWall is facing criticism over the speed and urgency of its response: having quietly released patches beginning on 9 April, it waited a week to inform users that the zero-days were being actively exploited, information that many […] to patching strategies.
According to SonicWall’s boilerplate, the Email Security product “provides comprehensive inbound and outbound protection, and defends against advanced email-borne, zero-day threats, spear phishing and business email compromise (BEC)”, so its compromise is a definite source of concern.
SonicWall further told […]: “SonicWall designed, tested, and published patches to correct the issues and communicated these mitigations to customers and partners. SonicWall strongly encourages customers and organizations worldwide to maintain diligence in posture.”
[…] in 2021 that SonicWall has had zero-days discovered in its products. In January, Computer Weekly’s sister site reported on probable zero-days in its Secure Mobile Access 100 product that were confirmed as such.