Security News > 2021 > April > 3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild.
"The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."
"With the addition of a web shell to the server, the adversary had unrestricted access to the command prompt, with the inherited permissions of the NT AUTHORITYSYSTEM account," FireEye said, adding the attacker then used "Living off the land" techniques to harvest credentials, move laterally across the network, and even "Compress a subdirectory [that] contains daily archives of emails processed by SonicWall ES.".
SonicWall users are recommended to upgrade to 10.0.9.6173 Hotfix for Windows and 10.0.9.6177 Hotfix for hardware and ESXi virtual appliances.
The SonicWall Hosted Email Security product was automatically patched on April 19 and hence no additional action is required.
"Through the course of this process, SonicWall was made aware of and verified certain zero-day vulnerabilities - in at least one known case, being exploited in the wild - to its hosted and on-premises email security products," the company said in a statement to The Hacker News.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/ZJZxGWLjL1k/3-zero-day-exploits-hit-sonicwall.html
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)