Security News > 2021 > April > Hackers found leveraging three SonicWall zero-day vulnerabilities

Attackers who seem to have "intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution.
Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.
The SonicWall Email Security zero-day vulnerabilities and the discovered attack.
"The system was quickly identified as a SonicWall Email Security application running on a standard Windows Server 2012 installation. The adversary-installed web shell was being served through the HTTPS-enabled Apache Tomcat web server bundled with SonicWall ES. Due to the web shell being served in the application's bundled web server, we immediately suspected the compromise was associated with the SonicWall ES application itself."
Some of the actions the attackers effected demonstrate their familiarity with the innards of the SonicWall Email Security solution and their skill at employing tactics to hide their presence from defenders.
The vulnerabilities affect SonicWall Email Security hardware appliances, virtual appliances and software installations on Microsoft Windows Server.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Pcqja_7Xw-Q/