Through the course of standard collaboration and testing, SonicWall has verified, tested and published patches to mitigate three zero-day vulnerabilities to its hosted and on-premises email security products.
In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild.’ It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server immediately upgrade to the respective SonicWall Email Security version listed below.
SonicWall Hosted Email Security (HES) was patched on April 19, 2021, and no action is required from organizations that are only using the hosted email security product.
SonicWall Email Security versions 7.0.0-9.2.2 are also impacted by the above vulnerabilities. However, these legacy versions have reached end of life (EOL) and are no longer supported. Organizations using these legacy product versions and have an active support license can download the latest Email Security versions from their MySonicWall account.
Customers without an active support license should contact their SonicWall SecureFirst partner to renew the license and upgrade to the latest SonicWall Email Security version. To find your local partner, please visit the SonicWall Partner Locator.
IPS Signatures Detect Exploitation
SonicWall has automatically deployed Intrusion Prevention System (IPS) signatures to help detect and block attacks that attempt to leverage the above vulnerabilities. The below signatures have already been applied to SonicWall firewalls with active security subscriptions.
CVE-2021-20021: Email Security Pre-Authentication Administrative Account Creation: A vulnerability in the SonicWall Email Security versions listed above could allow an attacker to potentially create an administrative account by sending a crafted HTTP request to the remote host.
CVE-2021-20022: Email Security Post-Authentication Arbitrary File Creation: A vulnerability in the SonicWall Email Security versions listed above could allow a post-authenticated attacker to potentially upload an arbitrary file to the remote host.
CVE-2021-20023: Email Security Post-Authentication Arbitrary File Read: A vulnerability in the SonicWall Email Security versions listed above could allow a post-authenticated attacker to potentially read an arbitrary file from the remote host.
SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...
With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...
A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...