Vulnerabilities in SonicWall Email Security
CVE-2021-20021 - 9.4 (CVSS 3.0)
CVE-2021-20022- 6.7 (CVSS 3.0)
CVE-2021-20023- 6.7 (CVSS 3.0)
Sources
Risks
A threat actor successfully leveraging these vulnerabilities could install a backdoor, access files and emails and move laterally into the victim organization’s network.
Description
CVE-2021-20021: Email security pre-authentication administrative account creation vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This can lead to full compromise of the target system (this is the most severe of the three vulnerabilities).
CVE-2021-20022: Email security post-authentication arbitrary file creation vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVE-2021-20023: Email security post-authentication arbitrary file creation vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
Recommended Actions
CERT.be recommends to all System administrators to upgrade their vulnerable SonicWall's hosted email security instances to the adequate patched versions.
Do note that SonicWall Hosted Email Security (HES) is normally automatically patched on monday. It is therefore possible that you already have the fixed version installed.
|
AFFECTED VERSION |
PATCHED VERSION |
PSIRT ADVISORY |
|
Email Security (ES) 10.0.4-Present |
Email Security 10.0.9.6173 (Windows) |
|
|
Email Security (ES) 10.0.4-Present |
Email Security 10.0.9.6177 |
|
|
Hosted Email Security (HES) 10.0.4-Present |
Hosted Email Security 10.0.9.6173 |
References
https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-i...
https://www.bleepingcomputer.com/news/security/sonicwall-firewall-maker-...
https://www.bleepingcomputer.com/news/security/sonicwall-fixes-actively-...