3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild.
"The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."
"With the addition of a web shell to the server, the adversary had unrestricted access to the command prompt, with the inherited permissions of the NT AUTHORITY\SYSTEM account," FireEye said, adding the attacker then used "living off the land" techniques to harvest credentials, move laterally across the network, and even "compress a subdirectory [that] contains daily archives of emails processed by SonicWall ES."
SonicWall users are advised to upgrade to the 10.0.9.6173 Hotfix for Windows and the 10.0.9.6177 Hotfix for hardware and ESXi virtual appliances.
The SonicWall Hosted Email Security product was automatically patched on April 19 and hence no additional action is required.
"Through the course of this process, SonicWall was made aware of and verified certain zero-day vulnerabilities - in at least one known case, being exploited in the wild - to its hosted and on-premises email security products," the company said in a statement to The Hacker News.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/ZJZxGWLjL1k/3-zero-day-exploits-hit-sonicwall.html