Threat Update
SonicWall, a security hardware manufacturer, has released patches for three zero-day vulnerabilities affecting both on-premises and hosted Email Security products. The vulnerabilities could allow attackers to create administrative accounts, upload arbitrary files, and read arbitrary files. They have allegedly been exploited, and SonicWall is urging customers who use Email Security hardware appliances, virtual appliances, or software installations on Microsoft Windows Server machines to upgrade immediately to apply the security patches.
Technical Detail & Additional Information
WHAT IS THE THREAT?
CVE-2021-20021: Email Security Pre-Authentication Administrative Account Creation
- This vulnerability could allow attackers to create administrative accounts by sending specially crafted HTTP requests to a vulnerable remote host before authenticating. Attackers could then gain escalated privileges and perform further malicious activity on the network.
CVE-2021-20023: Email Security Post-Authentication Arbitrary File Creation
- This vulnerability could allow authenticated attackers to upload arbitrary files, such as malware or other malicious files, onto a vulnerable remote host.
CVE-2021-20023: Email Security Post-Authentication Arbitrary File Read
- This vulnerability could allow authenticated attackers to read arbitrary files from a vulnerable remote host, which could compromise sensitive information stored on it.
WHY IS IT NOTEWORTHY?
The vulnerabilities above pose significant threats to any company that uses SonicWall technologies. SonicWall is used and trusted by tens of thousands of companies, so attackers with knowledge of these vulnerabilities have many potential targets and could do serious damage. SonicWall has pinpointed and patched these vulnerabilities. Any company that uses SonicWall should check whether it is running an affected version (listed below) and update immediately if it is.
WHAT IS THE EXPOSURE OR RISK?
If a device is exploited, attackers could do considerable damage. These three vulnerabilities could allow attackers to install backdoors that bypass the security measures protecting the device. They could allow attackers to access files and emails stored on the affected devices, which may contain sensitive personal and company information. They could also allow attackers to gain admin privileges within an organization's network, which is extremely dangerous because it could lead to data compromise and to services becoming unavailable. The risk for customers using vulnerable versions of SonicWall is very high, and they should update to patched versions as soon as possible.
WHAT ARE THE RECOMMENDATIONS?
Update SonicWall appliances as soon as possible. These vulnerabilities have been patched, and those who apply the patches should no longer be at risk.
Affected Versions | Patched Versions |
Email Security (ES) 10.0.4-Present, Email Security 10.0.3, Email Security 10.0.2, Email Security 10.0.1 | Email Security 10.0.9.6173 (Windows) |
Email Security (ES) 10.0.4-Present, Email Security 10.0.3, Email Security 10.0.2, Email Security 10.0.1 | Email Security 10.0.9.6177 (Hardware & ESXi Virtual Appliance) |
Hosted Email Security (HES) 10.0.4-Present, Hosted Email Security 10.0.3, Hosted Email Security 10.0.2, Hosted Email Security 10.0.1 | Hosted Email Security 10.0.9.6173 (Patched Automatically) |
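An added example, not part of the original advisory and not SonicWall tooling: a Python check that compares an inventory of Email Security installs against the patched builds in the table above, using the correct build for each deployment type. The CSV layout, the platform labels and the sample hosts are assumptions made for illustration; a version with no build number is treated as below the patched build.

```python
import csv
import io

# Patched builds from the advisory table, keyed by deployment type.
PATCHED = {"windows": (10, 0, 9, 6173), "hardware": (10, 0, 9, 6177),
           "esxi": (10, 0, 9, 6177)}
FIRST_AFFECTED = (10, 0, 1)  # lowest affected release the advisory lists

def parse_version(text):
    """Turn '10.0.9.6173' into (10, 0, 9, 6173); ValueError if malformed."""
    parts = text.strip().split(".")
    if not 3 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return patched, vulnerable, hosted, not-listed or unknown."""
    platform = platform.strip().lower()
    if platform == "hosted":
        return "hosted"  # HES is patched automatically per the advisory
    try:
        patched = PATCHED[platform]
        version = parse_version(version_text)
    except (KeyError, ValueError):
        return "unknown"  # unrecognised platform or version: review by hand
    if version >= patched:
        return "patched"
    if version[:3] >= FIRST_AFFECTED:
        return "vulnerable"
    return "not-listed"  # older than any release the advisory names

def audit(inventory_csv):
    """Map each host in a 'host,platform,version' CSV to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["version"]) for r in reader}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,platform,version
es-win-01,windows,10.0.9.6173
es-win-02,windows,10.0.9.6105
es-hw-01,hardware,10.0.9.6173
es-vm-01,esxi,10.0.4
es-old-01,windows,9.2.2
es-bad-01,hardware,ten.zero
hes-01,hosted,10.0.9.6173
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Note that `es-hw-01` is reported as vulnerable: build 6173 is the patched build for Windows only, while hardware and ESXi appliances need 6177.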
If you have any questions, please contact our Security Operations Center.