Patch these SonicWall zero-days now, customers warned

Researchers believe the hackers had extensive knowledge of SonicWall’s products


Cybersecurity solutions provider SonicWall has asked businesses using its Email Security (ES) products to upgrade to the latest version in order to mitigate a set of serious zero-day vulnerabilities.

Researchers at security firm Mandiant Managed Defense were first to identify the three vulnerabilities, which were being actively exploited in the wild. In a blog post, the researchers described the attack made possible by the vulnerabilities.

They note that the threat actors chained the three flaws together in order to gain administrative access and code execution on a SonicWall ES device.


The good news, though, is that all three vulnerabilities have now been patched.

“It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server immediately upgrade to the respective SonicWall Email Security version,” said SonicWall.

Complex attack

One of the vulnerabilities, tracked as CVE-2021-20021, has a very high Common Vulnerability Scoring System (CVSS) rating of 9.4/10, because it can be exploited to create an administrative account simply by sending a crafted HTTP request to the remote host.

Mandiant researchers became aware of the vulnerabilities while investigating a post-exploitation backdoor in a customer’s SonicWall Email Security instance running atop a Windows Server 2012 installation.


They note that the attackers had intimate knowledge of the SonicWall application and used all three exploits in combination, not just to install a backdoor, but also to access files and emails and to traverse the victim organization’s network.

SonicWall, for its part, has provided step-by-step instructions to enable its customers to apply the security update in order to mitigate the vulnerabilities.

Update:

A SonicWall spokesperson has since provided TechRadar Pro with the following statement:

“SonicWall routinely collaborates with third-party researchers and forensic analysis firms to ensure that our products meet or exceed security best practices. Through the course of this process, SonicWall was made aware of and verified certain zero-day vulnerabilities to its hosted and on-premises email security products. SonicWall designed, tested and published patches to correct the issues and communicated these mitigations to customers and partners.”

“SonicWall strongly encourages customers — as well as organizations worldwide — to maintain diligence in patch management to strengthen the community’s collective security posture.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.