Hackers found leveraging three SonicWall zero-day vulnerabilities
2021-04-21 12:36

Attackers who seem to have "intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution.

Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.

The SonicWall Email Security zero-day vulnerabilities and the discovered attack.

"The system was quickly identified as a SonicWall Email Security application running on a standard Windows Server 2012 installation. The adversary-installed web shell was being served through the HTTPS-enabled Apache Tomcat web server bundled with SonicWall ES. Due to the web shell being served in the application's bundled web server, we immediately suspected the compromise was associated with the SonicWall ES application itself."

Some of the actions the attackers effected demonstrate their familiarity with the innards of the SonicWall Email Security solution and their skill at employing tactics to hide their presence from defenders.

The vulnerabilities affect SonicWall Email Security hardware appliances, virtual appliances and software installations on Microsoft Windows Server.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Pcqja_7Xw-Q/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 128 6 89 45 32 172