Three SonicWall Zero-Day Bugs Under Active Attack – Patches Deployed – Update Now

SonicWall has recently fixed three zero-day bugs affecting its Email Security products. Though the patches are out, considering the active exploitation of the flaws, the vendors urge the customers for the update.

Three SonicWall Zero-Day Bugs Found

Recently, security researchers from FireEye discovered three zero-day bugs in the SonicWall Email Security product. As elaborated in their advisory, these vulnerabilities include the following.

  • CVE-2021-20021: allowed creating unauthorized admin accounts by sending a maliciously crafted HTTP request.
  • CVE-2021-20022: allowed uploading arbitrary files to the remote host by a post-authenticated attacker.
  • CVE-2021-20023: allowed a post-authenticated attacker to read arbitrary files.

FireEye confirmed the active exploitation of the zero-day bugs. Explaining the attacks, they stated,

These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device. The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network.

Patches Rolled Out

Specifically, the researchers found two of these bugs, CVE-2021-20021 and CVE-2021-20022, in March 2021, that they disclosed to SonicWall shortly. Later, they found another vulnerability, CVE-2021-20023, that they also communicated to the vendors.

Consequently, after initially deploying hotfix, SonicWall released stable patches recently. The patched versions include Email Security version 10.0.9.6173 (Windows) and 10.0.9.6177 (Hardware & ESXi Virtual Appliances).

Given that the bugs have already caught the attention of cybercriminals, all users must ensure keeping their systems updated with the latest ES versions. SonicWall has also urged the users for the same in their advisory,

In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild.’ It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server immediately upgrade to the respective SonicWall Email Security version.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients