SonicWall has released an update for its hosted and on-premises email security products. The update addresses three zero-day vulnerabilities that are being actively exploited in the wild. Exploiting the flaws could allow attackers to gain administrative access to vulnerable devices, access files and emails, install backdoor malware, and move laterally into the victim organization’s network.

______________________________

A. Nature of the Vulnerability

The vulnerabilities used in the attacks are tracked as:

CVE-2021-20021, a vulnerability in SonicWall Email Security that allows attackers to create an administrative account by sending a crafted HTTP request to the remote host.

CVE-2021-20022, a vulnerability in SonicWall Email Security that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

CVE-2021-20023, a vulnerability in SonicWall Email Security that allows a post-authenticated attacker to read an arbitrary file on the remote host.

______________________________

B. List of Vulnerable Systems

Vulnerable SonicWall products are as follows:

Email Security (Windows)

  • version 10.0.4 up to present version
  • version 10.0.3
  • version 10.0.2
  • version 10.0.1
  • version 7.0.0 – 9.2.2

Email Security (Hardware & ESXi Virtual Appliance)

  • version 10.0.4 up to present version
  • version 10.0.3
  • version 10.0.2
  • version 10.0.1
  • version 7.0.0 – 9.2.2

Hosted Email Security

  • version 10.0.4 and higher
  • version 10.0.3
  • version 10.0.2
  • version 10.0.1

______________________________

C. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Immediately test and apply the corresponding patched versions of affected SonicWall products from SonicWall's official channel. (https://www.mysonicwall.com/muir/login)
  • The hotfix was automatically applied to Hosted Email Security and does not require additional actions from users.
  • For more information regarding the issue, refer to SonicWall’s security advisory. (https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/)