Security News > 2021 > April > Hackers found leveraging three SonicWall zero-day vulnerabilities
Attackers who seem to have "intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution.
Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.
The SonicWall Email Security zero-day vulnerabilities and the discovered attack.
"The system was quickly identified as a SonicWall Email Security application running on a standard Windows Server 2012 installation. The adversary-installed web shell was being served through the HTTPS-enabled Apache Tomcat web server bundled with SonicWall ES. Due to the web shell being served in the application's bundled web server, we immediately suspected the compromise was associated with the SonicWall ES application itself."
Some of the actions the attackers effected demonstrate their familiarity with the innards of the SonicWall Email Security solution and their skill at employing tactics to hide their presence from defenders.
The vulnerabilities affect SonicWall Email Security hardware appliances, virtual appliances and software installations on Microsoft Windows Server.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Pcqja_7Xw-Q/