3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild.
"The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."
"With the addition of a web shell to the server, the adversary had unrestricted access to the command prompt, with the inherited permissions of the NT AUTHORITY\SYSTEM account," FireEye said, adding the attacker then used "living off the land" techniques to harvest credentials, move laterally across the network, and even "compress a subdirectory [that] contains daily archives of emails processed by SonicWall ES."
SonicWall users are recommended to upgrade to 10.0.9.6173 Hotfix for Windows and 10.0.9.6177 Hotfix for hardware and ESXi virtual appliances.
The SonicWall Hosted Email Security product was automatically patched on April 19 and hence no additional action is required.
"Through the course of this process, SonicWall was made aware of and verified certain zero-day vulnerabilities - in at least one known case, being exploited in the wild - to its hosted and on-premises email security products," the company said in a statement to The Hacker News.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/ZJZxGWLjL1k/3-zero-day-exploits-hit-sonicwall.html