
Three Zero-Day Security Vulnerabilities Fixed by SonicWall

by CISOCONNECT Bureau

After attackers started exploiting three zero-day vulnerabilities in SonicWall’s Email Security product last month, the company patched them in both the hosted and on-premises versions.

According to FireEye Mandiant, which discovered the security vulnerabilities, hackers have used the three flaws to install web shells, or remote access scripts, on computers. A FireEye blog post says this foothold can then be used to access an organization’s email. The security company adds that hackers may also use it to pivot deeper into victims’ networks, which is known as lateral movement.

According to a SonicWall advisory, the flaws affect both hosted and on-premises Email Security versions 10.0.1 and up.

For hardware appliances and ESXi Virtual Appliances, organisations can upgrade to Email Security version 10.0.9.6173 for Windows and version 10.0.9.6177 for ESXi Virtual Appliances.

On March 26, FireEye Mandiant observed attacks linked to the security vulnerabilities and notified SonicWall. On April 9, SonicWall customers received hotfixes and updates for two of the vulnerabilities, CVE-2021-20021 and CVE-2021-20022, and a patch for the third, CVE-2021-20023, was sent out on Monday.
