Cybersecurity solutions provider SonicWall has asked companies using its Email Security (ES) products to upgrade to the latest version to mitigate a set of critical zero-day vulnerabilities.
Researchers at security firm Mandiant Managed Defense were the first to identify the three vulnerabilities, which were actively exploited in the wild. In a blog post, the researchers described the attack made possible by the vulnerabilities.
They note that the flaws were chained and executed jointly by the threat actors in order to gain administrative access and code execution permissions on a SonicWall ES device.
The good news, however, is that all three vulnerabilities have now been addressed.
“It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances, or software installations on Microsoft Windows Server immediately upgrade to the corresponding version of SonicWall Email Security,” SonicWall said.
One of the vulnerabilities, tracked as CVE-2021-20021, has a very high Common Vulnerability Scoring System (CVSS) rating of 9.4 / 10, as it can be exploited to create an administrative account by sending a specially crafted HTTP request to the remote host.
Mandiant researchers became aware of the vulnerabilities by investigating a post-exploitation backdoor in a client’s SonicWall Email Security instance running on a Windows Server 2012 installation.
They note that the attackers had intimate knowledge of the SonicWall app and used a combination of the three exploits interchangeably to not only install a backdoor, but also gain access to files and emails and traverse the network of the victim organization.
SonicWall, for its part, has provided step-by-step instructions for its customers to apply the security update to mitigate the vulnerabilities.