Hackers found leveraging three SonicWall zero-day vulnerabilities - Help Net Security


Attackers that seem to have “intimate knowledge” of the SonicWall Email Security product have been discovered leveraging three (at the time) zero-day vulnerabilities in the popular enterprise solution.



Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization’s network.


The SonicWall Email Security zero-day vulnerabilities and the discovered attack


The three vulnerabilities in question are:


CVE-2021-20021, which allowed attackers to create an unauthorized administrative account by sending a crafted HTTP request to the remote host
CVE-2021-20022, which allowed post-authenticated attackers to upload arbitrary files to the remote host
CVE-2021-20023, which allowed post-authenticated attackers to read arbitrary files from the remote host

“In March 2021, Mandiant Managed Defense identified post-exploitation web shell activity ..
